Amos,

Latest squid is preventing connections to my known servers without the local domain name. The version prior to June 15 allowed connecting to URLs without the fully qualified domain names, as in "moose" instead of "moose.xxx.com". The latest squid is throwing the following error:

2011/09/13 09:17:53.420 kid1| SECURITY ALERT: Host header forgery detected on local=192.168.243.1:8080 remote=192.168.243.1:59291 FD 11 flags=1 (moose does not match moose.xxx.com)

Here's a patch to get around the problem. By specifying "append_domain .xxx.com", squid should allow a host that matches the domain part. This is useful for getting back the old behavior so I don't need to type the full URLs for the many sites at work I'm dealing with.

Thanks,
Jeff

--- trunk/src/client_side_request.cc 2011-09-02 23:48:56.000000000 +0800 +++ truck/src/client_side_request.cc 2011-09-13 10:31:33.000000000 +0800 @@ -620,6 +620,8 @@ port = xatoi(portStr); } + int appendDomainOK = strcmp(strchr(http->request->GetHost(), '.'), Config.appendDomain); + debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL")); if (http->request->flags.intercepted || http->request->flags.spoof_client_ip) { // verify the Host: port (if any) matches the apparent destination 
@@ -633,11 +635,11 @@ // verify the destination DNS is one of the Host: headers IPs ipcache_nbgethostbyname(host, hostHeaderIpVerifyWrapper, this); } - } else if (strlen(host) != strlen(http->request->GetHost())) { + } else if (strlen(host) != strlen(http->request->GetHost()) && appendDomainOK) { // Verify forward-proxy requested URL domain matches the Host: header debugs(85, 3, HERE << "FAIL on validate URL domain length " << http->request->GetHost() << " matches Host: " << host); hostHeaderVerifyFailed(host, http->request->GetHost()); - } else if (matchDomainName(host, http->request->GetHost()) != 0) { + } else if (matchDomainName(host, http->request->GetHost()) != 0 && appendDomainOK) { // Verify forward-proxy requested URL domain matches the Host: header debugs(85, 3, HERE << "FAIL on validate URL domain " << http->request->GetHost() << " matches Host: " << host); hostHeaderVerifyFailed(host, http->request->GetHost());
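
Review bot: in the @@ -620,6 +620,8 @@ hunk, the added `int appendDomainOK = strcmp(strchr(http->request->GetHost(), '.'), Config.appendDomain);` passes the result of strchr() straight to strcmp(), and strchr() returns NULL when the URL host contains no '.', so the comparison dereferences a null pointer. The same applies to the second argument if Config.appendDomain can be NULL when append_domain is not configured. Both pointers need a guard before the comparison. The name is also inverted: strcmp() returns 0 on a match, so appendDomainOK is non-zero exactly when the domain part does not equal append_domain; storing the `== 0` result, or renaming the variable to say "mismatch", would make the later conditions readable. Domain names are case-insensitive, so strcasecmp() is the better comparison here.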
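
Review bot: in the @@ -633,11 +635,11 @@ hunk, adding `&& appendDomainOK` to both else-if conditions skips the length check and the matchDomainName() check entirely whenever the URL host's domain part equals append_domain, so in that case the Host: header is never compared with the URL host at all and any Host: value passes for URLs under that domain. The exemption should be limited to the case the message describes: accept only when host followed by Config.appendDomain equals http->request->GetHost(), compared case-insensitively, and otherwise call hostHeaderVerifyFailed() as before. A debugs(85, 3, ...) line recording that the append_domain exemption was applied would also keep a skipped check visible in the log.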