<HTML><BODY>Hello. I have Squid 3.5.24 built from source:<br>configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-ssl' '--enable-ssl-crtd' '--with-openssl' '--enable-linux-netfilter' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' 'build_alias=x86_64-linux-gnu'<br><br><p>I also have this configuration:</p><p>max_filedesc 35000<br>acl localnet src 172.16.16.0/24<br>acl localnet src 172.22.1.0/24<br>acl SSL_ports port 443<br>acl CONNECT method CONNECT<br>acl AdminsIP src "/etc/squid/admips.txt"<br>acl BlackList dstdomain "/etc/squid/BL.txt"<br>acl BlockInetExlWhite src 
"/etc/squid/BI.txt"<br>acl WhiteList dstdomain "/etc/squid/WL.txt"<br>acl manager proto manager<br>via off<br>forwarded_for off<br>follow_x_forwarded_for deny all<br>visible_hostname my.server.com<br>hosts_file /etc/hosts<br>dns_nameservers 172.16.16.11<br>ipcache_size 10240<br>negative_dns_ttl 5 minutes<br>fqdncache_size 10240<br>http_access deny !Safe_ports<br>http_access deny CONNECT !SSL_ports<br>http_access allow manager<br>http_access deny manager<br>cachemgr_passwd password all<br>http_access allow localhost<br>http_access allow AdminsIP<br>http_access deny BlockInetExlWhite !WhiteList<br>http_access deny BlackList<br>http_access allow localnet<br>http_access deny all<br>cache deny all<br>http_port 0.0.0.0:3128 intercept<br>http_port 0.0.0.0:3130<br>https_port 0.0.0.0:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/myCA.pem<br>always_direct allow all<br>sslproxy_cert_error allow all<br>sslproxy_flags DONT_VERIFY_PEER<br>acl blocked ssl::server_name "/etc/squid/BL.txt"<br>acl step1 at_step SslBump1<br>ssl_bump peek step1<br>ssl_bump terminate blocked<br>ssl_bump splice all<br>sslcrtd_program /lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB<br>coredump_dir /var/spool/squid<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 
0 20% 4320<br>maximum_object_size 61440 KB<br>minimum_object_size 3 KB<br>cache_swap_low 90<br>cache_swap_high 95<br>maximum_object_size_in_memory 512 KB<br>memory_replacement_policy lru<br>logfile_rotate 0<br>cache_mgr <a href="mailto:admin@my.server.com">admin@my.server.com</a> <br><br>All users in my company have auto-proxy-config enabled in the OS with a WPAD URL configuration; below you can see wpad.dat:<br></p><p>function FindProxyForURL(url, host) {<br> var proxy_on = "PROXY 172.16.16.30:3130";<br> var proxy_off = "DIRECT";<br> var network = "172.16.16.0";<br> var network1 = "192.168.100.0";<br> var subnet = "255.255.255.0";<br> <br> var proxy_bypass = new Array(<br> "*.slack.com",<br> "*.slack-edge.com",<br> "*.slack-msgs.com",<br> "*slack-files.com",<br> "*slack-imgs.com",<br> "*slack-edge.com",<br> "*slack-core.com",<br> "*slack-redir.net",<br> "192.168.100.0",<br> "127.0.0.1",<br> "localhost"<br> );<br> <br> if (isInNet(host, network, subnet)) {<br> return proxy_off;<br> }<br> if (isInNet(host, network1, subnet)) {<br> return proxy_off;<br> }<br> <br> for (var i = 0; i < proxy_bypass.length; i++) {<br> if (shExpMatch(host, proxy_bypass[i])) {<br> return proxy_off;<br> }<br> }<br> <br> if (shExpMatch(url, "http:*") ||<br> shExpMatch(url, "https:*") ||<br> shExpMatch(url, "ftp:*")) {<br> return proxy_on;<br> }<br> <br> // Finally, send all other requests direct.<br> return proxy_off;<br>}</p><p>In the WPAD web server I can see these logs:</p><p>188.xxx.xxx.xxx - - [06/Mar/2017:11:20:21 +0300] "GET /wpad.dat HTTP/1.1" 200 1324 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Slack/2.5.1 Chrome/53.0.2785.143 Electron/1.4.15 Safari/537.36"<br>188.xxx.xxx.xxx - - [06/Mar/2017:11:57:29 +0300] "GET /wpad.dat HTTP/1.1" 200 1324 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"<br>188.xxx.xxx.xxx - - [06/Mar/2017:11:57:29 +0300] "GET /wpad.dat 
HTTP/1.1" 200 1324 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"<br>188.xxx.xxx.xxx - - [06/Mar/2017:11:57:29 +0300] "GET /wpad.dat HTTP/1.1" 200 1324 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Slack/2.5.1 Chrome/53.0.2785.143 Electron/1.4.15 Safari/537.36"<br>188.xxx.xxx.xxx - - [06/Mar/2017:13:13:01 +0300] "GET /wpad.dat HTTP/1.1" 200 1324 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"</p>I see problems when I try to work with the Slack app or Gmail apps (e.g. Calendar); in the Squid log I see many entries:<br><p>2017/03/06 14:38:03| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64857 FD 748 flags=33 (local IP does not match any domain IP)<br>2017/03/06 14:38:03| SECURITY ALERT: on URL: slack.com:443<br>2017/03/06 14:38:30| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64875 FD 505 flags=33 (local IP does not match any domain IP)<br>2017/03/06 14:38:30| SECURITY ALERT: on URL: slack.com:443<br>2017/03/06 14:38:37| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64881 FD 678 flags=33 (local IP does not match any domain IP)<br>Could you help me please?<br>P.S. Sorry for my bad English.</p><br></BODY></HTML>
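
A small parser for the cache.log alerts quoted above, added here as an example (not part of the original post): it pairs each "Host header forgery detected" line with its "on URL" line and counts alerts per client, local= address and URL, keeping an alert whose URL line is missing, as with the last line of the excerpt. The field layout is an assumption drawn only from the five quoted lines.

```python
import re
from collections import Counter

# Field layout assumed from the cache.log lines quoted in the post.
FORGERY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| SECURITY ALERT: "
    r"Host header forgery detected on local=(?P<local>\S+) remote=(?P<remote>\S+) "
    r".*\((?P<reason>[^)]*)\)\s*$"
)
ON_URL = re.compile(r"^\S+ \S+\| SECURITY ALERT: on URL: (?P<url>\S+)\s*$")


def parse_alerts(lines):
    """Pair each 'forgery detected' line with the 'on URL' line that follows it."""
    alerts, pending = [], None
    for line in lines:
        m = FORGERY.match(line)
        if m:
            if pending:                  # previous alert never got its URL line
                alerts.append(pending)
            pending = dict(m.groupdict(), url=None)
            continue
        u = ON_URL.match(line)
        if u and pending:
            pending["url"] = u.group("url")
            alerts.append(pending)
            pending = None
    if pending:                          # excerpt ended after the first line of a pair
        alerts.append(pending)
    return alerts


def summarize(alerts):
    """Count alerts per (client IP, local= address, URL)."""
    return Counter(
        (a["remote"].rsplit(":", 1)[0], a["local"], a["url"]) for a in alerts
    )


# The five cache.log lines quoted in the post.
SAMPLE = """\
2017/03/06 14:38:03| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64857 FD 748 flags=33 (local IP does not match any domain IP)
2017/03/06 14:38:03| SECURITY ALERT: on URL: slack.com:443
2017/03/06 14:38:30| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64875 FD 505 flags=33 (local IP does not match any domain IP)
2017/03/06 14:38:30| SECURITY ALERT: on URL: slack.com:443
2017/03/06 14:38:37| SECURITY ALERT: Host header forgery detected on local=54.230.99.128:443 remote=172.16.16.123:64881 FD 678 flags=33 (local IP does not match any domain IP)
""".splitlines()

if __name__ == "__main__":
    for key, count in summarize(parse_alerts(SAMPLE)).items():
        print(count, *key)
```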