[squid-users] SOLVED - SECURITY ALERT: Host header forgery detected

Eliezer Croitoru eliezer at ngtech.co.il
Tue May 15 14:02:08 UTC 2018


Hey Martin,

Technically there should be a way to inform Squid-Cache about multiple addresses for the same destination.
If Squid doesn't know that it's a real IP of the domains, a partial solution is to use the same DNS service, but it can also be something else.
For example, there should be a way/option for Squid to decide if this address of the client or server is secured.

Amos what do you think?
Can a Host header forgery detection override acl be added? Should it be added?
I believe that if there are some properties to the remote certificate we can flag the service as "Secure".
I.e., if the OS runs an "openssl s_client -host www.ubuntu.com -connect 91.189.89.118:443"
and the certificate is fine, then... there is no place for any SECURITY ALERT.

I believe that a simple ACL addition which will depend on an external acl helper could be a good option.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Martin Hanson
Sent: Monday, May 14, 2018 09:00
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SOLVED - SECURITY ALERT: Host header forgery detected

> So I finally got the whitelist working, but now every other box on the "localnet", when trying to access the whitelist, gets a:
> 
> 2018/05/14 07:40:18 kid1| SECURITY ALERT: on URL: www.ubuntu.com:443
> 2018/05/14 07:40:18 kid1| SECURITY ALERT: Host header forgery detected on local=91.189.89.118:443 remote=192.168.1.4:43354 FD 23 flags=33 (local IP does not match any domain IP)

I made a mistake..

".. ensure that the DNS servers Squid uses are the same as those used by the client(s)"

Fixed.

Kind regards.
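
A triage helper for the cache.log alerts quoted in this thread, added here as an example and not code from the posters or the Squid project: it pairs each forgery alert with its URL line and checks whether the destination IP is among the addresses the proxy-side resolver returns for that host. The function names, the same-timestamp pairing rule and the 203.0.113.x resolver answers are assumptions or constructed sample data; only IPv4 and the host:port URL form shown in the thread are handled.

```python
import re
import socket

# The two cache.log lines quoted in the thread, without the "> " quote prefix.
SAMPLE_LOG = """\
2018/05/14 07:40:18 kid1| SECURITY ALERT: on URL: www.ubuntu.com:443
2018/05/14 07:40:18 kid1| SECURITY ALERT: Host header forgery detected on local=91.189.89.118:443 remote=192.168.1.4:43354 FD 23 flags=33 (local IP does not match any domain IP)
"""

PREFIX = r"^(?P<ts>\S+ \S+) (?P<kid>kid\d+)\| SECURITY ALERT: "
URL_RE = re.compile(PREFIX + r"on URL: (?P<host>[^\s:/]+)(?::\d+)?\s*$")
FORGERY_RE = re.compile(PREFIX + r"Host header forgery detected on "
                        r"local=(?P<local>[0-9.]+):\d+ remote=(?P<remote>[0-9.]+):\d+")

def parse_alerts(log_text):
    """Pair each 'forgery detected' line with the 'on URL' line sharing its timestamp and worker."""
    pending, alerts = {}, []
    for line in log_text.splitlines():
        for rx in (URL_RE, FORGERY_RE):
            m = rx.match(line)
            if m:
                fields = m.groupdict()
                key = (fields.pop("ts"), fields.pop("kid"))
                pending.setdefault(key, {}).update(fields)
                if pending[key].keys() >= {"host", "local", "remote"}:
                    alerts.append(pending.pop(key))
    return alerts

def system_resolver(host):
    """IPv4 addresses the local resolver returns; meant to be run on the Squid host."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def triage(alerts, resolve=system_resolver):
    """Flag alerts whose destination IP is absent from the proxy-side answer for the host."""
    report = []
    for a in alerts:
        ips = resolve(a["host"])
        verdict = "dns-mismatch" if a["local"] not in ips else "ip-known-to-proxy"
        report.append((a["remote"], a["host"], a["local"], verdict))
    return report

if __name__ == "__main__":
    # Constructed resolver answer standing in for the proxy's DNS view.
    constructed = {"www.ubuntu.com": {"203.0.113.10", "203.0.113.11"}}
    for row in triage(parse_alerts(SAMPLE_LOG), lambda h: constructed.get(h, set())):
        print(*row)
```

The lookup happens at triage time, not at the time of the alert, so a host behind rotating DNS records can show a mismatch here even when client and proxy share a resolver.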