[squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

Alex Rousskov rousskov at measurement-factory.com
Thu Jan 24 22:47:43 UTC 2019


On 1/23/19 6:44 PM, Amos Jeffries wrote:
> For now all we can do is take the warnings seriously and find ways to
> prevent the network behaviours that cause them. 

For the record, the above is an opinion rather than a fact or consensus.
There are, of course, other (and far more realistic/useful) things we
could do. For example, we could give the admin the choice of which
"forgeries" should be classified as false positives and treated
accordingly, and we could improve reporting of the "forgeries" so that
the reporting itself does not become a problem.


> The security issues this detection prevents are so nasty we consider
> the pain worth the price of avoiding those outcomes.

In many cases, it would be possible for admins to suffer virtually no
"pain" while still "preventing security issues" and following best
practices (such as keeping logging enabled).

Alex.


More information about the squid-users mailing list