<div dir="ltr">Dear Amos,<div><br></div><div>Thank you. I didn't know that it cannot yet work on token based auth.So there is no work around?</div><div><br></div><div>Really appreciated.<br><div class="gmail_extra"><br><div class="gmail_quote">On 12 January 2016 at 15:00, <span dir="ltr"><<a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send squid-users mailing list submissions to<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:squid-users-request@lists.squid-cache.org">squid-users-request@lists.squid-cache.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:squid-users-owner@lists.squid-cache.org">squid-users-owner@lists.squid-cache.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. guideline on limiting users per IP (3@D4rkn3ss DuMb)<br>
2. Re: kerberos authentication with a machine account doesn't<br>
work (LYMN)<br>
3. Re: guideline on limiting users per IP (Amos Jeffries)<br>
4. cache_mem differs from output in mgr:config (XUFENG)<br>
5. host header forgery false positives (Jason Haar)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 11 Jan 2016 21:54:18 +0300<br>
From: "3@D4rkn3ss DuMb" <<a href="mailto:32d4rkn3ss@gmail.com">32d4rkn3ss@gmail.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
Subject: [squid-users] guideline on limiting users per IP<br>
Message-ID:<br>
<<a href="mailto:CAMDafwBjx9i4ErNQFkvYO1UNMZyv4ah6wPeVf_ZCgJ_a-vKp2w@mail.gmail.com">CAMDafwBjx9i4ErNQFkvYO1UNMZyv4ah6wPeVf_ZCgJ_a-vKp2w@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Dear all,<br>
<br>
I hope you all doing fine ! I know that this question has already been<br>
asked multiple times, and I already checked the logs (old mailing list) but<br>
I didn't find there my answers ... By the way, I am suspecting that this<br>
might have something to do with the squid version itself.<br>
<br>
In fact, I am running squid on two different servers: CentOS 6 and Debian<br>
sid (testing)! I implemented the last one as a backup, but I would like to<br>
perform a hot swap now since the version in CentOS does not support the<br>
max_user_ip policy.<br>
<br>
The version on Debian is 3.5.12 and but still max_user_ip does not work at<br>
all and squid in verbose mode does not reject it but go through it<br>
correctly, so I m bit confused. The authentication is against AD win 2008.<br>
<br>
I will send the more details later on but If somebody could confirm<br>
regarding the compatibility between the version and the max_user_ip/ AD<br>
authentication.<br>
<br>
Thank you in advance,<br>
<br>
Ken<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160111/c2afb02f/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/attachments/20160111/c2afb02f/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 12 Jan 2016 09:58:44 +1030<br>
From: LYMN <<a href="mailto:brett.lymn@baesystems.com">brett.lymn@baesystems.com</a>><br>
To: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
Cc: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] kerberos authentication with a machine<br>
account doesn't work<br>
Message-ID: <<a href="mailto:20160111232844.GB19684@baea.com.au">20160111232844.GB19684@baea.com.au</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
On Mon, Jan 11, 2016 at 09:06:27PM +1300, Amos Jeffries wrote:<br>
> On 11/01/2016 2:48 p.m., LYMN wrote:<br>
> ><br>
> > I did manage to get this working, you did mention the correct solution<br>
> > right down the end of your message.<br>
> ><br>
><br>
> Correct for you yes. That can happen when making half-blind guesses at<br>
> what the problem actually is based on partial information. It might have<br>
> been any of the issues mentioned or any of the solutions mentioned.<br>
> Others in future may find differently depending on what they have mucked<br>
> up or payed around with before asking.<br>
><br>
<br>
Yes, correct for me. It indeed could be one or more of the suggestions<br>
that were made. Kerberos errors are such fun to debug made more so by<br>
multiple problems causing the same error message. I have had a<br>
situation where I had a few different problems and it wasn't until I had<br>
sorted them all that the error message went away but it is so unsettling<br>
to get the same error after you have made a change that you are sure<br>
makes things correct.<br>
<br>
> > On Thu, Jan 07, 2016 at 09:37:46AM +0100, L.P.H. van Belle wrote:<br>
> >> Hai,<br>
> >><br>
> >><br>
> >> Few things to check.<br>
> >><br>
> >> /etc/krb5.keytab should have rights 600 (root:root)<br>
> >><br>
> ><br>
> > And this was the problem but it should not, in my case, be as you<br>
> > stated. In fact, /etc/krb5.keytab needed to have rights 640 with<br>
> > ownership root:nobody. This is because the kerberos authenticator runs<br>
> > as the user nobody and needs access to the keytab. I am not so sure I<br>
> > like this situation because this does mean the nobody user now has<br>
> > access to the machine kerberos keys not just the ones for the http SPN.<br>
><br>
> "nobody" is the default low-privileged user account unless you build<br>
> Squid with the --with-default-user=X - in which cases it will default to<br>
> the "X" account.<br>
><br>
> You can also configure "cache_effective_user X" in squid.conf to<br>
> override the default if your Squid was built with one you dont want to use.<br>
><br>
<br>
Yes. I think you have clarified the point that I was trying to make<br>
which was the user/group used may depend on your configuration or squid<br>
build.<br>
<br>
--<br>
Brett Lymn<br>
This email has been sent on behalf of one of the following companies within the BAE Systems Australia group of companies:<br>
<br>
BAE Systems Australia Limited - Australian Company Number 008 423 005<br>
BAE Systems Australia Defence Pty Limited - Australian Company Number 006 870 846<br>
BAE Systems Australia Logistics Pty Limited - Australian Company Number 086 228 864<br>
<br>
Our registered office is Evans Building, Taranaki Road, Edinburgh Parks,<br>
Edinburgh, South Australia, 5111. If the identity of the sending company is<br>
not clear from the content of this email please contact the sender.<br>
<br>
This email and any attachments may contain confidential and legally<br>
privileged information. If you are not the intended recipient, do not copy or<br>
disclose its content, but please reply to this email immediately and highlight<br>
the error to the sender and then immediately delete the message.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Tue, 12 Jan 2016 14:21:34 +1300<br>
From: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] guideline on limiting users per IP<br>
Message-ID: <<a href="mailto:5694551E.60406@treenet.co.nz">5694551E.60406@treenet.co.nz</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 12/01/2016 7:54 a.m., 3 wrote:<br>
><br>
> The version on Debian is 3.5.12 and but still max_user_ip does not work at<br>
> all and squid in verbose mode does not reject it but go through it<br>
> correctly, so I m bit confused. The authentication is against AD win 2008.<br>
><br>
> I will send the more details later on but If somebody could confirm<br>
> regarding the compatibility between the version and the max_user_ip/ AD<br>
> authentication.<br>
<br>
All versions of Squid since 2.4 support the max_user_ip ACL.<br>
<br>
It does only apply to username based authentication (eg Basic) though.<br>
Token based authentication, particularly ones where the token changes<br>
per TCP connection (eg NTLM, Kerberos) or per message (eg Digest) do not.<br>
<br>
Amos<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 12 Jan 2016 09:36:40 +0800<br>
From: "XUFENG" <<a href="mailto:xufengnju@sina.com">xufengnju@sina.com</a>><br>
To: "squid-users" <<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>><br>
Subject: [squid-users] cache_mem differs from output in mgr:config<br>
Message-ID: <<a href="mailto:20160112013640.E3D7116600A5@webmail.sinamail.sina.com.cn">20160112013640.E3D7116600A5@webmail.sinamail.sina.com.cn</a>><br>
Content-Type: text/plain; charset=GBK<br>
<br>
My squid's cache_mem in squid.conf differs from output in mgr:config.<br>
<br>
[root@squid-cache ~]# /usr/local/squid/bin/squidclient -h 127.0.0.1 -p 80 -w aaaaaa mgr:config |grep cache_mem<br>
Sending HTTP request ... done.<br>
cache_mem 0 bytes<br>
<br>
[root@squid-cache ~]# /usr/local/squid/sbin/squid -v<br>
Squid Cache: Version 3.4.14<br>
configure options: '--prefix=/usr/local/squid' '--disable-icap-client' '--disable-wccp' '--disable-wccpv2' '--disable-htcp' '--disable-ident-lookups' '--disable-auto-locale' --enable-ltdl-convenience<br>
[root@squid-cache ~]# cat /usr/local/squid/etc/squid.conf<br>
unique_hostname <a href="http://squid-cache.xufeng.info" rel="noreferrer" target="_blank">squid-cache.xufeng.info</a><br>
visible_hostname <a href="http://squid-cache.xufeng.info" rel="noreferrer" target="_blank">squid-cache.xufeng.info</a><br>
http_port 80 accel<br>
cache_mem 4096 MB<br>
cache_dir ufs /app/cache <a href="tel:8096%2032%205120" value="+18096325120">8096 32 5120</a><br>
cache_log /usr/local/squid/var/logs/cache.log<br>
access_log /usr/local/squid/var/logs/access.log<br>
acl PURGE method PURGE<br>
cachemgr_passwd aaaaaa config reconfigure shutdown<br>
http_access allow manager localhost<br>
http_access deny manager<br>
http_access allow PURGE localhost<br>
http_access deny PURGE<br>
cache_mgr <a href="mailto:xufengnju@163.com">xufengnju@163.com</a><br>
cache_effective_user squid<br>
cache_effective_group squid<br>
cache_peer 10.1.6.38 parent 80 0 no-query originserver round-robin name=server_xufeng_info<br>
acl sites_xufeng_info dstdomain .<a href="http://xufeng.info" rel="noreferrer" target="_blank">xufeng.info</a><br>
cache_peer_access server_xufeng_info allow sites_xufeng_info<br>
<br>
[root@squid-cache ~]# cat /etc/issue<br>
CentOS release 5.11 (Final)<br>
Kernel \r on an \m<br>
<br>
[root@squid-cache ~]# uname -a<br>
Linux <a href="http://squid-cache.xufeng.info" rel="noreferrer" target="_blank">squid-cache.xufeng.info</a> 2.6.18-407.el5 #1 SMP Wed Nov 11 08:12:41 EST 2015 x86_64 x86_64 x86_64 GNU/Linux<br>
<br>
Anything wrong?<br>
Thank you for your help.<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Tue, 12 Jan 2016 14:40:24 +1300<br>
From: Jason Haar <<a href="mailto:Jason_Haar@trimble.com">Jason_Haar@trimble.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
Subject: [squid-users] host header forgery false positives<br>
Message-ID: <<a href="mailto:56945988.3030003@trimble.com">56945988.3030003@trimble.com</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hi there<br>
<br>
I am finding squid-3.5.13 is false positive-ing on ssl-bump way too<br>
often. I'm just using "peek-and-splice" on intercepted port 443 to<br>
create better squid logfiles (ie I'm not actually bump-ing) but that<br>
enables enough of the code to cause the Host forgery code to kick in -<br>
but it doesn't work well in a real network<br>
<br>
As you can see below, here's a handful of sites that we're seeing this<br>
trigger on, and as it's my home network I can guarantee there's no odd<br>
DNS setups or forgery going on. This is just real-world websites doing<br>
what they do (ie are totally outside our control or influence)<br>
<br>
I don't know how the forgery-checking code works, but I guess what's<br>
happened is the DNS lookups the squid server does doesn't contain the<br>
same IP addresses the client resolved the same DNS name to. I must say<br>
that is odd because all our home computers use the squid server as their<br>
DNS server - just as the squid service does - so there shouldn't be any<br>
such conflict - but I imagine caching could be to blame (maybe the<br>
clients cache old values longer/shorter timeframes than squid does).<br>
<br>
This is a bit of a show-stopper to ever using bump: having perfectly<br>
good websites being unavailable really isn't an option (in the case of<br>
"peek-and-splice" over intercepted they seem to hang forever when this<br>
error occurs). Perhaps an option to change it's behaviour would be<br>
better? eg enable/disable and maybe "ignore client and use the IP<br>
addresses squid thinks are best" could work?<br>
<br>
<br>
Jason<br>
<br>
<br>
2016/01/12 06:04:10.303 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://121.254.166.35:443" rel="noreferrer" target="_blank">121.254.166.35:443</a> remote=<a href="http://192.168.0.8:55203" rel="noreferrer" target="_blank">192.168.0.8:55203</a> FD 95<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:04:10.303 kid1| SECURITY ALERT: on URL: <a href="http://nydus.battle.net:443" rel="noreferrer" target="_blank">nydus.battle.net:443</a><br>
2016/01/12 06:11:47.146 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.112.120:443" rel="noreferrer" target="_blank">54.231.112.120:443</a> remote=<a href="http://192.168.0.8:56072" rel="noreferrer" target="_blank">192.168.0.8:56072</a> FD 273<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:11:47.146 kid1| SECURITY ALERT: on URL:<br>
<a href="http://redditstatic.s3.amazonaws.com:443" rel="noreferrer" target="_blank">redditstatic.s3.amazonaws.com:443</a><br>
2016/01/12 06:14:24.125 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.2.145:443" rel="noreferrer" target="_blank">54.231.2.145:443</a> remote=<a href="http://192.168.0.8:56304" rel="noreferrer" target="_blank">192.168.0.8:56304</a> FD 286<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:14:24.125 kid1| SECURITY ALERT: on URL:<br>
<a href="http://adzerk-www.s3.amazonaws.com:443" rel="noreferrer" target="_blank">adzerk-www.s3.amazonaws.com:443</a><br>
2016/01/12 06:14:24.125 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.2.145:443" rel="noreferrer" target="_blank">54.231.2.145:443</a> remote=<a href="http://192.168.0.8:56305" rel="noreferrer" target="_blank">192.168.0.8:56305</a> FD 287<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:14:24.125 kid1| SECURITY ALERT: on URL:<br>
<a href="http://adzerk-www.s3.amazonaws.com:443" rel="noreferrer" target="_blank">adzerk-www.s3.amazonaws.com:443</a><br>
2016/01/12 06:37:52.737 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.114.114:443" rel="noreferrer" target="_blank">54.231.114.114:443</a> remote=<a href="http://192.168.0.8:58411" rel="noreferrer" target="_blank">192.168.0.8:58411</a> FD 309<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:37:52.737 kid1| SECURITY ALERT: on URL:<br>
<a href="http://redditstatic.s3.amazonaws.com:443" rel="noreferrer" target="_blank">redditstatic.s3.amazonaws.com:443</a><br>
2016/01/12 06:37:57.127 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://23.21.91.58:443" rel="noreferrer" target="_blank">23.21.91.58:443</a> remote=<a href="http://192.168.0.8:58421" rel="noreferrer" target="_blank">192.168.0.8:58421</a> FD 298<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:37:57.127 kid1| SECURITY ALERT: on URL:<br>
<a href="http://pixel.redditmedia.com:443" rel="noreferrer" target="_blank">pixel.redditmedia.com:443</a><br>
2016/01/12 06:37:58.158 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.49.32:443" rel="noreferrer" target="_blank">54.231.49.32:443</a> remote=<a href="http://192.168.0.8:58422" rel="noreferrer" target="_blank">192.168.0.8:58422</a> FD 299<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 06:37:58.158 kid1| SECURITY ALERT: on URL:<br>
<a href="http://redditstatic.s3.amazonaws.com:443" rel="noreferrer" target="_blank">redditstatic.s3.amazonaws.com:443</a><br>
2016/01/12 07:59:46.480 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.82.178:443" rel="noreferrer" target="_blank">54.231.82.178:443</a> remote=<a href="http://192.168.0.8:64203" rel="noreferrer" target="_blank">192.168.0.8:64203</a> FD 17<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 07:59:46.480 kid1| SECURITY ALERT: on URL:<br>
<a href="http://redditstatic.s3.amazonaws.com:443" rel="noreferrer" target="_blank">redditstatic.s3.amazonaws.com:443</a><br>
2016/01/12 10:42:07.376 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.129:443" rel="noreferrer" target="_blank">192.30.252.129:443</a> remote=<a href="http://192.168.0.7:50212" rel="noreferrer" target="_blank">192.168.0.7:50212</a> FD 13<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 10:42:07.376 kid1| SECURITY ALERT: on URL: <a href="http://github.com:443" rel="noreferrer" target="_blank">github.com:443</a><br>
2016/01/12 10:49:52.696 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.13.169:443" rel="noreferrer" target="_blank">54.231.13.169:443</a> remote=<a href="http://192.168.0.7:40358" rel="noreferrer" target="_blank">192.168.0.7:40358</a> FD 21<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 10:49:52.696 kid1| SECURITY ALERT: on URL:<br>
<a href="http://adzerk-www.s3.amazonaws.com:443" rel="noreferrer" target="_blank">adzerk-www.s3.amazonaws.com:443</a><br>
2016/01/12 12:19:00.374 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.149.175.172:443" rel="noreferrer" target="_blank">54.149.175.172:443</a> remote=<a href="http://192.168.0.7:57686" rel="noreferrer" target="_blank">192.168.0.7:57686</a> FD 53<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:19:00.374 kid1| SECURITY ALERT: on URL:<br>
<a href="http://shavar.services.mozilla.com:443" rel="noreferrer" target="_blank">shavar.services.mozilla.com:443</a><br>
2016/01/12 12:38:33.666 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.231.114.60:443" rel="noreferrer" target="_blank">54.231.114.60:443</a> remote=<a href="http://192.168.0.7:60694" rel="noreferrer" target="_blank">192.168.0.7:60694</a> FD 240<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:38:33.666 kid1| SECURITY ALERT: on URL: <a href="http://s3.amazonaws.com:443" rel="noreferrer" target="_blank">s3.amazonaws.com:443</a><br>
2016/01/12 12:45:24.356 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://52.35.143.137:443" rel="noreferrer" target="_blank">52.35.143.137:443</a> remote=<a href="http://192.168.0.7:53313" rel="noreferrer" target="_blank">192.168.0.7:53313</a> FD 54<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:45:24.356 kid1| SECURITY ALERT: on URL:<br>
<a href="http://events.redditmedia.com:443" rel="noreferrer" target="_blank">events.redditmedia.com:443</a><br>
2016/01/12 12:45:30.568 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://54.204.8.186:443" rel="noreferrer" target="_blank">54.204.8.186:443</a> remote=<a href="http://192.168.0.7:44144" rel="noreferrer" target="_blank">192.168.0.7:44144</a> FD 237<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:45:30.568 kid1| SECURITY ALERT: on URL:<br>
<a href="http://engine.a.redditmedia.com:443" rel="noreferrer" target="_blank">engine.a.redditmedia.com:443</a><br>
2016/01/12 12:49:10.490 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.128:443" rel="noreferrer" target="_blank">192.30.252.128:443</a> remote=<a href="http://192.168.0.7:36340" rel="noreferrer" target="_blank">192.168.0.7:36340</a> FD 79<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:49:10.490 kid1| SECURITY ALERT: on URL: <a href="http://github.com:443" rel="noreferrer" target="_blank">github.com:443</a><br>
2016/01/12 12:49:21.162 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.127:443" rel="noreferrer" target="_blank">192.30.252.127:443</a> remote=<a href="http://192.168.0.7:41264" rel="noreferrer" target="_blank">192.168.0.7:41264</a> FD 250<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:49:21.162 kid1| SECURITY ALERT: on URL: <a href="http://api.github.com:443" rel="noreferrer" target="_blank">api.github.com:443</a><br>
2016/01/12 12:49:51.399 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.129:443" rel="noreferrer" target="_blank">192.30.252.129:443</a> remote=<a href="http://192.168.0.7:50925" rel="noreferrer" target="_blank">192.168.0.7:50925</a> FD 203<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 12:49:51.399 kid1| SECURITY ALERT: on URL: <a href="http://github.com:443" rel="noreferrer" target="_blank">github.com:443</a><br>
2016/01/12 13:03:57.040 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.92:443" rel="noreferrer" target="_blank">192.30.252.92:443</a> remote=<a href="http://192.168.0.7:46645" rel="noreferrer" target="_blank">192.168.0.7:46645</a> FD 291<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 13:03:57.040 kid1| SECURITY ALERT: on URL: <a href="http://live.github.com:443" rel="noreferrer" target="_blank">live.github.com:443</a><br>
2016/01/12 13:03:59.200 kid1| SECURITY ALERT: Host header forgery<br>
detected on local=<a href="http://192.30.252.92:443" rel="noreferrer" target="_blank">192.30.252.92:443</a> remote=<a href="http://192.168.0.7:46647" rel="noreferrer" target="_blank">192.168.0.7:46647</a> FD 275<br>
flags=33 (local IP does not match any domain IP)<br>
2016/01/12 13:03:59.200 kid1| SECURITY ALERT: on URL: <a href="http://live.github.com:443" rel="noreferrer" target="_blank">live.github.com:443</a><br>
<br>
--<br>
Cheers<br>
<br>
Jason Haar<br>
Corporate Information Security Manager, Trimble Navigation Ltd.<br>
Phone: <a href="tel:%2B1%20408%20481%208171" value="+14084818171">+1 408 481 8171</a><br>
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 17, Issue 37<br>
*******************************************<br>
</blockquote></div><br></div></div></div>