[squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

Yuri Voinov yvoinov at gmail.com
Thu Oct 22 11:00:18 UTC 2015



22.10.15 15:58, Amos Jeffries пишет:
> On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
>> I’m getting these very frequently for api.github.com and github.com
>>
>> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well …
>>
>> Any updates from your end, Roel?
>
> I just did a quick test of api.github.com and what I'm seeing is only
> one IP at a time being delivered. BUT that IP is showing signs of being
> geo-DNS based result and also has a 60 second TTL.
>
> So ... when using the Google "free" DNS service it changes IP number
> almost every second. Based on which of the Google servers you happen to
> be working through with that particular request.
>
> You can watch it cycling if you like:
>   watch dig A api.github.com @8.8.8.8
>
>
> You could run a local bind server and redirect UDP port 53 requests from
... or Unbound. ;) I use it.
> clients to it so they stop using 8.8.8.8 etc and start using a DNS like
> its supposed to work.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list