[squid-users] Host Header Forgery issue even after applying patch

gkjo gkjoshi at gmail.com
Mon May 13 15:49:05 UTC 2019


Hi there,

I have installed Squid 3.5-20 in transparent mode (using WCCP) and am facing
lots of false positives for SSL sites (Host header forgery detected). We are
using just peek and splice and not actually bumping the traffic.

2019/05/08 23:51:05 kid1| SECURITY ALERT: on URL: outlook.office365.com:443
2019/05/08 23:51:05 kid1| SECURITY ALERT: Host header forgery detected on local=40.100.2.98:443 remote=10.1.1.3:58714 FD 36 flags=33 (local IP does not match any domain IP)
2019/05/08 23:51:05 kid1| SECURITY ALERT: on URL: outlook.office365.com:443
2019/05/08 23:51:16 kid1| SECURITY ALERT: Host header forgery detected on local=52.98.77.98:443 remote=10.1.1.3:58717 FD 60 flags=33 (local IP does not match any domain IP)


I did apply the patch
(https://github.com/NethServer/squid/blob/c7/SOURCES/squid-3.5.20-ssl-forgery.patch)
while compiling Squid but am still getting the same error. Is there any way to
verify that "HostHeaderForgery" is disabled and the patch is applied correctly?

Or is there any other alternative to resolve this issue (not with explicit
proxy)? I have verified the client and Squid have the same DNS.

Regards
Gjoshi
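
For triaging alerts like the ones in this post, the following added example (not part of the original message and not Squid code) groups forgery alerts by hostname and shows which client destination IPs are absent from a DNS answer set. The sample log lines, the hostname mail.example.com and all function names are constructed for illustration; it assumes each "on URL" line follows the alert it belongs to.

```python
import re
import socket
from collections import defaultdict

# Constructed sample cache.log lines (not taken from the original post).
SAMPLE_LOG = """\
2019/05/08 23:51:05 kid1| SECURITY ALERT: Host header forgery detected on local=192.0.2.10:443 remote=10.1.1.3:58714 FD 36 flags=33 (local IP does not match any domain IP)
2019/05/08 23:51:05 kid1| SECURITY ALERT: on URL: mail.example.com:443
2019/05/08 23:51:16 kid1| SECURITY ALERT: Host header forgery detected on local=198.51.100.7:443 remote=10.1.1.3:58717 FD 60 flags=33 (local IP does not match any domain IP)
2019/05/08 23:51:16 kid1| SECURITY ALERT: on URL: mail.example.com:443
"""

ALERT = re.compile(r"Host header forgery detected on local=(\S+):\d+ remote=(\S+):\d+")
URL = re.compile(r"SECURITY ALERT: on URL: (\S+?)(?::\d+)?\s*$")  # host:port form only

def parse_alerts(log_text):
    """Pair each forgery alert with the 'on URL' line that follows it (assumed order)."""
    alerts, pending = [], None
    for line in log_text.splitlines():
        alert, url = ALERT.search(line), URL.search(line)
        if alert:
            pending = {"dst_ip": alert.group(1), "client": alert.group(2)}
        elif url and pending:
            alerts.append({**pending, "host": url.group(1)})
            pending = None
    return alerts

def system_resolver(host):
    """Addresses the local resolver returns for host at this moment."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()

def triage(alerts, resolve=system_resolver):
    """Per host, split the destination IPs clients used by presence in the DNS answers."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["host"]].add(a["dst_ip"])
    report = {}
    for host, dst_ips in seen.items():
        answers = set(resolve(host))
        report[host] = {"matched": sorted(dst_ips & answers), "unmatched": sorted(dst_ips - answers)}
    return report

if __name__ == "__main__":
    fake_dns = {"mail.example.com": {"192.0.2.10", "192.0.2.11"}}  # constructed answers
    print(triage(parse_alerts(SAMPLE_LOG), lambda h: fake_dns.get(h, set())))
```

Run on the Squid host with the default resolver, the lookup reflects the proxy's own DNS view; an address under "unmatched" is one a client connected to that this lookup did not return.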


