[squid-users] Host Header Forgery issue even after applying patch
gkjo
gkjoshi at gmail.com
Mon May 13 15:49:05 UTC 2019
Hi There
I have installed Squid 3.5-20 in transparent mode (using WCCP ) and facing
lots of false
positive for SSL sites (Host header forgery detected ), we are using just
Peak and slice and
not actually bump-ing the traffic .
2019/05/08 23:51:05 kid1| SECURITY ALERT: on URL: outlook.office365.com:443
2019/05/08 23:51:05 kid1| SECURITY ALERT: Host header forgery detected on
local=40.100.2.98:443
remote=10.1.1.3:58714 FD 36 flags=33 (local IP does not match any domain IP)
2019/05/08 23:51:05 kid1| SECURITY ALERT: on URL: outlook.office365.com:443
2019/05/08 23:51:16 kid1| SECURITY ALERT: Host header forgery detected on
local=52.98.77.98:443
remote=10.1.1.3:58717 FD 60 flags=33 (local IP does not match any domain IP)
I did apply the patch (
https://github.com/NethServer/squid/blob/c7/SOURCES/squid-3.5.20-ssl-
forgery.patch) while compile the squid but still getting same error . is
there anyway to
verify that "HostHeaderForgery" is disabled and patch is applied correctly ?
Or is there any other alternative to resolve this issue (not with explicit
proxy). I have verified client and squid have same DNS .
Regards
Gjoshi
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list