[squid-users] SECURITY ALARM, once more

reinerotto augustus_meyer at gmx.net
Mon Jun 20 17:30:04 UTC 2016

I see quite a few messages like this one in my logs:
 squid[1327]: SECURITY ALERT: on URL: sa.scorecardresearch.com:443
Running squid 3.5.19-20160524-r14057, https-intercept just for logging, so
no bump.
It is understood, that most likely this is because of squids DNS and
browsers DNS not to be in sync.
Besides some "big well known sites" especially ad servers are the problem. 
Having synced all my own  DNS-caches, used by squid or the browsers, finally
I could get rid of most "SECURITY ALARMS" by disabling browsers internal DNS
cache, and pre-fetching DNS, both for firefox and chrome.
Which makes some sense to me, as special DNS-caching policy (60s., fixed,
for firefox) violates TTL, and DNS-prefetch (both firefox and chrome)
_might_ elevate the porpability of using a stale IP, in case of fast
rotation of the IP.
Special settings for the browsers are a bit cumbersome, so the question: Is
it possible to create a new
option for squid, to ignore this type of error ?
If not: Where is the right source file to start some own hacking ?


View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SECURITY-ALARM-once-more-tp4678071.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list