[squid-users] "intercepted port does not match 443"
Amos Jeffries
squid3 at treenet.co.nz
Sun May 17 10:58:49 UTC 2020
On 12/05/20 1:01 am, Matus UHLAR - fantomas wrote:
> Hello,
>
> we have intercepting squid on one router and these messages started appear
> sometimes:
>
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: Host header forgery detected
> on local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 (intercepted
> port does not match 443)
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: By user agent: Microsoft BITS/6.7
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: on URL: armmf.adobe.com:443
> 2020/05/11 13:41:23 kid1| kick abandoning local=[XXX]:80
> remote=192.168.1.224:1040 FD 69 flags=33
>
> I am aware of possible interception issues but what exactly does this
> message mean? The original destination port is 80, why does squid complain
> about it not being port 443?
The HTTP Host header says the client was connecting to a server on port
443. Yet the TCP packets came, as you say from port 80.
Amos
More information about the squid-users
mailing list