[squid-users] "intercepted port does not match 443"
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon May 11 13:01:38 UTC 2020
Hello,
we have intercepting squid on one router and these messages started appear
sometimes:
2020/05/11 13:41:23 kid1| SECURITY ALERT: Host header forgery detected on local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 (intercepted port does not match 443)
2020/05/11 13:41:23 kid1| SECURITY ALERT: By user agent: Microsoft BITS/6.7
2020/05/11 13:41:23 kid1| SECURITY ALERT: on URL: armmf.adobe.com:443
2020/05/11 13:41:23 kid1| kick abandoning local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33
I am aware of possible interception issues but what exactly does this
message mean? The original destination port is 80, why does squid complain
about it not being port 443?
the iptable rules:
Chain PREROUTING (policy ACCEPT 1759K packets, 217M bytes)
pkts bytes target prot opt in out source destination
37068 1966K REDIRECT tcp -- lan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8888
thanks.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
More information about the squid-users
mailing list