<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA1 <br>
<br>
Oh, shi......<br>
<br>
It can't be on proxy host or other infrastructure. It can be on
these client......<br>
<br>
Let's check.<br>
<br>
27.01.2015 10:41, Amos Jeffries пишет:<br>
<span style="white-space: pre;">> On 27/01/2015 11:13 a.m., Yuri
Voinov wrote:<br>
><br>
> > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1<br>
><br>
> > Hi gents,<br>
><br>
> > who knows - what does it mean below?<br>
><br>
> > 2015/01/27 04:11:42.289 kid1| SECURITY ALERT: Host
header forgery<br>
> > detected on local=192.168.200.3:80
remote=192.168.200.5:9909 FD 18<br>
> > flags=33 (intercepted port does not match 443)
2015/01/27<br>
> > 04:11:42.289 kid1| SECURITY ALERT: By user agent:
2015/01/27<br>
> > 04:11:42.289 kid1| SECURITY ALERT: on URL:<br>
> > stnd-lueg.crsi.symantec.com:443 2015/01/27 04:11:42.289
kid1|<br>
> > abandoning local=192.168.200.3:80
remote=192.168.200.5:9909 FD 18<br>
> > flags=33<br>
><br>
><br>
> <a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery">http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery</a><br>
><br>
><br>
> Notice how the origin-server request being intercepted on
port *80*<br>
> says its on port *443*.<br>
><br>
> This is either one of the actual attacks the forgery
protection was<br>
> put in place to prevent (yeas they do happen). Or you have a
NAT<br>
> somewhere mapping port 443 onto port 80 before it gets to the
proxy<br>
> machine.<br>
><br>
> Amos<br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBAgAGBQJUx1juAAoJENNXIZxhPexGD/4IAKWWJ7Uf29cxIOCwOcMZwkYv
<br>
vu/h2FV/hf7W7ZK2XTAr2a2kcCR4YKamlHcftd1/jT9EMLCRhj87xicLoLSqjyJJ
<br>
ONAPP6OOy7ib8cNGyEpUhoYL9pui32iwv/lLFQZro7c1cvuJZFheg3RMqXMG4q7l
<br>
XAWFiKPsTl8vZ5pWQIrmkeuqBoee6XHZmBErGY/cIcEcn0bAlxMQLgyC1wNg136l
<br>
cqZxk5f55SZ03fy+pivjUgy16vWJx5pJyDMJIJh79x7hbE9ZilTDRGnf81+Sie5s
<br>
80QmQh17pWMmT9o7CDFG6FdOcDtpn386D7OECrJZYCiorKIctRevF+I/sCQfj3c=
<br>
=IQmE
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>