[squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?
reinerotto
augustus_meyer at gmx.net
Wed Jan 23 13:55:56 UTC 2019
I suspect these messages, for example, are not caused by any malware, but
somehow by Skype:
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL:
mobile.pipe.aria.microsoft.com:443
2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detected on
local=52.114.76.35:443 remote=192.168.182.10:59312 FD 31 flags=33 (local IP
does not match any domain IP)
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL:
mobile.pipe.aria.microsoft.com:443
2019/01/23 13:39:03 kid1| SECURITY ALERT: Host header forgery detected on
local=52.114.74.44:443 remote=192.168.182.10:59378 FD 37 flags=33 (local IP
does not match any domain IP)
2019/01/23 13:39:03 kid1| SECURITY ALERT: on URL:
mobile.pipe.aria.microsoft.com:443
Maybe there is some inconsistency of cached DNS in the client and the
openwrt-device running squid.
There are some "rumours" that not all browsers correctly honor TTL for
cached DNS.
Anyway, even in case malware would trigger these messages, this opens
the gate to attack resource-limited squid installations, like mine on
openwrt, by flooding cache.log, kept in RAM, and possibly forcing an
OOM crash.
A simple fix would be to disable cache.log, but I am hesitant to do so, so as
not to drop more valuable messages.
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
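
As an added example (not part of the original post and not Squid project code), a shell/awk summary of these alerts per client and URL, which shows whether a single client application accounts for them and how many different destination IPs it used. The function names and output format are assumptions; the sample lines are the ones quoted in the post with the e-mail line wrapping undone.

```sh
#!/bin/sh
# Added example: summarise Squid "Host header forgery" alerts per client/URL.

# The alert lines quoted in the post, rejoined onto single lines.
sample_log() {
cat <<'EOF'
2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.76.35:443 remote=192.168.182.10:59312 FD 31 flags=33 (local IP does not match any domain IP)
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:39:03 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.74.44:443 remote=192.168.182.10:59378 FD 37 flags=33 (local IP does not match any domain IP)
2019/01/23 13:39:03 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
EOF
}

# forgery_summary [MIN]: read cache.log on stdin and print one row per
# client/URL pair with at least MIN alerts (default 1):
#   <alerts> <client-ip> <url> dst_ips=<distinct destination IPs used>
forgery_summary() {
  awk -v min="${1:-1}" '
    /SECURITY ALERT: Host header forgery detected/ {
      client = ""; dst = ""
      for (i = 1; i <= NF; i++) {
        # remote= is the client, local= is the IP the client connected to
        if ($i ~ /^remote=/) { client = substr($i, 8); sub(/:[0-9]+$/, "", client) }
        if ($i ~ /^local=/)  { dst = substr($i, 7);  sub(/:[0-9]+$/, "", dst) }
      }
      pending = 1      # the "on URL:" line for this alert follows
      next
    }
    pending && /SECURITY ALERT: on URL:/ {
      key = client " " $NF
      count[key]++
      if (!((key, dst) in seen)) { seen[key, dst] = 1; ndst[key]++ }
      pending = 0
    }
    END {
      for (k in count)
        if (count[k] >= min) printf "%d %s dst_ips=%d\n", count[k], k, ndst[k]
    }
  ' | sort -rn
}

# Stand-alone run on the sample; for a real log: forgery_summary 10 < cache.log
sample_log | forgery_summary
```

One hostname reached by one client over several destination IPs, as in the sample, fits the DNS-mismatch explanation in the post; many clients or many unrelated URLs would call for a closer look.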