[squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

Amos Jeffries squid3 at treenet.co.nz
Wed Jan 23 11:02:05 UTC 2019

On 23/01/19 9:22 pm, reinerotto wrote:
> Running squid 4.4 on a very limited device, unfortunately quite a lot of
> messages: "... SECURITY ALERT: Host header forgery detected ... " show up.
> Unable to eliminate real cause of this issue (even using iptables to redir
> all DNS requests to one dnsmasq does not help), these annoying messages tend
> to fill up cache.log, which is kept in precious RAM. 
> Is there an "official" method to suppress these messages ?
> Or can you please give a hint, where to apply a (hopefully) simple patch ?

See <https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>

FYI: There is still active malware out there searching for proxies that
are vulnerable and utilizing them for nefarious uses.

The last person to ask this question turned out to have a network
infected with that malware.
I thought last year that a decade of fixed Squid being used was long
enough for things to die down and let us loosen up a bit. Then I was
informed about yet another ISP being attacked through those methods. So
no, an official patch removing them is not on the book yet.

Almost all the ways we are able to reduce the side effects have been
done and are included in that Squid-4.4.

