[squid-users] SQUID PROBLEM WITH SITES THAT HAVE MORE THAN ONE IP ADDRESSES

leomessi983 at yahoo.com leomessi983 at yahoo.com
Mon May 11 08:57:15 UTC 2020


Hi, could you please help me?
In an intercept topology with TPROXY I have a problem.
What is Squid's solution for sites that have more than one IP address? For example, a site like google.com returns a different IP address in every request, and if the client gets IP address 1.1.1.1, it is possible that Squid gets 2.2.2.2 for Google, so Squid cannot work properly and shows a forgery detected error.
Is there any way to ignore this, or to use only one DNS server, or to prevent Squid or the client from resolving URLs?
I use the same DNS server on my clients and on my Squid server.
Is there any configuration directive in Squid so that it does not resolve the URLs requested by clients, or uses their resolved IP addresses?
I use this configuration:
acl acl1 clientside_mark *****
tcp_outgoing_mark ***** acl1
acl https1 ssl::server_name "/Files/blklist"
ssl_bump bump https1 acl1
acl url1 dstdomain "/Files/blklist"
acl Regex1 url_regex "/Files/Reglist"
http_access deny Regex1 acl1
http_access deny url1 acl1

#Http configurations
http_access allow all
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 tproxy disable-pmtu-discovery=transparent


#Https configurations
reply_header_access Strict-Transport-Security deny all
https_port 3130 tproxy ssl-bump \
        tls-cert=/conf/cert.cer \
        tls-key=/conf/cert.key \
        generate-host-certificates=on dynamic_cert_mem_cache_size=20MB disable-pmtu-discovery=transparent
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB
sslcrtd_children 10 startup=5 idle=1
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all

I got these error messages:
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.28.38:52346 FD 524 flags=17 (local IP does not match any domain IP)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.28.38:52347 FD 508 flags=17 (local IP does not match any domain IP)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.31.31:51567 FD 508 flags=17 (local IP does not match any domain IP)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.31.31:51568 FD 508 flags=17 (local IP does not match any domain IP)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| ERROR: negotiating TLS on FD 523: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| Error negotiating SSL connection on FD 518: error:00000001:lib(0):func(0):reason(1) (1/0)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| ERROR: negotiating TLS on FD 502: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| Error negotiating SSL connection on FD 509: error:00000001:lib(0):func(0):reason(1) (1/0)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| ERROR: negotiating TLS on FD 527: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
May 10 12:47:54 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:54| Error negotiating SSL connection on FD 526: error:00000001:lib(0):func(0):reason(1) (1/0)
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: Host header forgery detected on local=17.57.12.11:443 remote=172.30.14.50:11985 FD 510 flags=17 (local IP does not match any domain IP)
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: on URL: gsp64-ssl.ls.apple.com:443
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: Host header forgery detected on local=17.57.12.11:443 remote=172.30.14.50:11986 FD 510 flags=17 (local IP does not match any domain IP)
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: on URL: gsp64-ssl.ls.apple.com:443
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: Host header forgery detected on local=17.57.12.11:443 remote=172.30.14.50:12069 FD 510 flags=17 (local IP does not match any domain IP)
May 10 12:47:55 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:55| SECURITY ALERT: on URL: gsp64-ssl.ls.apple.com:443
May 10 12:47:56 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:56| SECURITY ALERT: Host header forgery detected on local=193.23.244.244:443 remote=217.11.23.195:59994 FD 534 flags=17 (local IP does not match any domain IP)
May 10 12:47:56 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:56| SECURITY ALERT: on URL: www.h7ftf4spvav27.com:443
May 10 12:47:57 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:57| ERROR: negotiating TLS on FD 523: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
May 10 12:47:57 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:57| Error negotiating SSL connection on FD 260: error:00000001:lib(0):func(0):reason(1) (1/0)
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Preparing for shutdown after 1786 requests
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Waiting 5 seconds for active connections to finish
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Closing HTTP(S) port 0.0.0.0:3128
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Closing HTTP(S) port 0.0.0.0:3129
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Closing HTTP(S) port 0.0.0.0:3130
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| WARNING: /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB #Hlpr3 exited
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Too few /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB processes are running (need 1/10)
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Starting new helpers
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| helperOpenServers: Starting 1/10 'security_file_certgen' processes
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| WARNING: /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB #Hlpr4 exited
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Too few /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB processes are running (need 1/10)
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| storeDirWriteCleanLogs: Starting...
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58|   Finished.  Wrote 0 entries.
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58|   Took 0.00 seconds (  0.00 entries/sec).
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| FATAL: The /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB helpers are crashing too rapidly, need help!
May 10 12:47:58 squid[] [user:alert:09]: FATAL: The /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M 20MB helpers are crashing too rapidly, need help!
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Squid Cache (Version 4.7): Terminated abnormally.
May 10 12:47:58 squid[23231] [daemon:info:1e]: 2020/05/10 12:47:58| Removing PID file (/var/run/squid.pid)
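As an added illustration (not part of the original message or of Squid's own code), a small Python triage script that pairs the two-line SECURITY ALERT entries from cache.log, summarises per hostname which intercepted destination IPs failed the check and how many clients hit it, and mirrors the membership test Squid applies: the intercepted destination (local=) must be among the addresses Squid's own resolver returned for the Host. The sample log and the resolver answers are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the cache.log lines quoted in the post
# (addresses and hostnames taken from the post; the ERROR line is noise here).
SAMPLE_LOG = """\
2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.28.38:52346 FD 524 flags=17 (local IP does not match any domain IP)
2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
2020/05/10 12:47:54| SECURITY ALERT: Host header forgery detected on local=157.240.20.52:443 remote=172.30.31.31:51567 FD 508 flags=17 (local IP does not match any domain IP)
2020/05/10 12:47:54| SECURITY ALERT: on URL: web.whatsapp.com:443
2020/05/10 12:47:55| SECURITY ALERT: Host header forgery detected on local=17.57.12.11:443 remote=172.30.14.50:11985 FD 510 flags=17 (local IP does not match any domain IP)
2020/05/10 12:47:55| SECURITY ALERT: on URL: gsp64-ssl.ls.apple.com:443
2020/05/10 12:47:57| ERROR: negotiating TLS on FD 523: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
"""

FORGERY_RE = re.compile(
    r"Host header forgery detected on local=(?P<local>[\d.]+):\d+ "
    r"remote=(?P<remote>[\d.]+):\d+")
URL_RE = re.compile(r"SECURITY ALERT: on URL: (?P<host>[^:\s]+):\d+")

def parse_forgery_alerts(log_text):
    """Pair each 'forgery detected' line with the 'on URL:' line that follows it."""
    alerts, pending = [], None
    for line in log_text.splitlines():
        m = FORGERY_RE.search(line)
        if m:
            pending = m.groupdict()  # hold until the matching URL line arrives
            continue
        u = URL_RE.search(line)
        if u and pending is not None:
            alerts.append({**pending, "host": u.group("host")})
            pending = None
    return alerts

def summarize(alerts):
    """Per host: which intercepted destination IPs failed and how many clients hit it."""
    out = defaultdict(lambda: {"count": 0, "local_ips": set(), "clients": set()})
    for a in alerts:
        s = out[a["host"]]
        s["count"] += 1
        s["local_ips"].add(a["local"])
        s["clients"].add(a["remote"])
    return dict(out)

def passes_forgery_check(local_ip, resolved_ips):
    """Squid's rule: the intercepted destination must be one of the IPs Squid
    itself resolved for the Host header; otherwise it logs the alert above."""
    return local_ip in set(resolved_ips)
```

A host whose failed local IPs keep changing across runs of summarize() is the DNS round-robin case the post describes, while a host that always fails on one IP points at a resolver mismatch between clients and the proxy.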