[squid-users] Header forgery detected
Matus UHLAR - fantomas
uhlar at fantomas.sk
Sat Nov 9 07:00:34 UTC 2019
On 09.11.19 06:53, Darren Breeze wrote:
>I am trying to set up squid 3.5 (have to stick with this version)
why?
> to intercept and https bump / splice,
squid 3 has problems with bumping/splicing that are fixed in squid4...
> it's all working OK with the exception of some elements of a https site failing to load (the browser just shows "failed"). matched with the failures, I see this type of message in the cache log.
>
>2019/11/08 17:39:46 kid1| SECURITY ALERT: Host header forgery detected on local=23.213.186.14:443 remote=172.16.3.250:57041 FD 28 flags=33 (local IP does not match any domain IP)
seems you are trying to intercept by doing DNAT on remote machine, which
causes this problem.
https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery
you must use ip policy routing or WCCP when interceptin outside of squid
machine:
https://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Requirements_and_methods_for_Interception_Caching
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
More information about the squid-users
mailing list