
Re: SECURITY ALERT generated by squid in events


On Sun, 27 Nov 2011 23:36:23 +0100, David Touzeau wrote:
Dear

I have this squid version :

Squid Cache: Version 3.2.0.13-20111125-r11436
configure options:  '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--localstatedir=/var'
'--libexecdir=/lib/squid3' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--srcdir=.'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--enable-gnuregex' '--enable-forward-log'
'--enable-removal-policy=heap' '--enable-follow-x-forwarded-for'
'--enable-http-violations' '--enable-large-cache-files'
'--enable-removal-policies=lru,heap' '--enable-err-languages=English'
'--enable-default-err-language=English' '--with-maxfd=32000'
'--with-large-files' '--disable-dlmalloc' '--with-pthreads'
'--enable-esi' '--enable-storeio=aufs,diskd,ufs,rock'
'--with-aufs-threads=10' '--with-maxfd=16384'
'--enable-x-accelerator-vary' '--with-dl' '--enable-truncate'
'--enable-linux-netfilter' '--with-filedescriptors=16384'
'--enable-wccpv2' '--enable-eui' '--enable-auth' '--enable-auth-basic'
'--enable-auth-digest' '--enable-auth-negotiate-helpers'
'--enable-log-daemon-helpers' '--enable-url-rewrite-helpers'
'--enable-auth-ntlm' '--with-default-user=squid' '--enable-icap-client'
'--enable-cache-digests' '--enable-icap-support' '--enable-poll'
'--enable-epoll' '--enable-async-io' '--enable-delay-pools'
'CFLAGS=-DNUMTHREADS=60 -O3 -pipe -fomit-frame-pointer -funroll-loops
-ffast-math -fno-exceptions'

I cannot browse through Internet and receive many errors in syslog:

Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: on URL:
http://192.168.1.1:49152/rootDesc.xml
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: on URL:
http://clients1.google.com/complete/search?q=no-ip&client=opera&hl=fr

Is it normal?

These are the 2nd and 3rd lines of a "Host: header forgery" alert. The first line explains what is being detected as wrong; these are the supporting data to help track it down.

Having just read your config details in the other thread, I expect this is caused by a combination of your incomplete iptables NAT intercept rules, and testing by configuring the browser to use the proxy NAT port directly. That type of setup is dangerous and can expect this rejection in 3.2.

Amos
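
An added example, not part of the original thread and not Squid's own code: a Python parser that re-joins the mail-wrapped syslog lines quoted above, groups the SECURITY ALERT lines into events, and counts events whose explanatory first line is missing from the excerpt. The function names and the grouping rule (a first line, a repeated field or a different pid starts a new event) are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: the syslog excerpt from the post, still wrapped as the mail shows it.
SAMPLE = """\
Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: on URL:
http://192.168.1.1:49152/rootDesc.xml
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: on URL:
http://clients1.google.com/complete/search?q=no-ip&client=opera&hl=fr
"""

# Groups: timestamp, program tag, optional pid, message.
SYSLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
ALERT = "SECURITY ALERT: "
FIELDS = {"user_agent": "By user agent:", "url": "on URL:"}  # supporting lines

def unwrap(text):
    """Re-join wrapped lines: text without a syslog prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        if SYSLOG.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def alerts(text):
    """Group squid SECURITY ALERT lines into events (grouping rule is an assumption)."""
    events, cur = [], None
    for rec in unwrap(text):
        m = SYSLOG.match(rec)
        if not m or m.group(2) != "squid" or not m.group(4).startswith(ALERT):
            continue
        ts, _, pid, msg = m.groups()
        body = msg[len(ALERT):]
        key = next((k for k, p in FIELDS.items() if body.startswith(p)), "headline")
        # A first line, a repeated field or another squid pid opens a new event.
        if cur is None or key == "headline" or key in cur or cur["pid"] != pid:
            cur = {"pid": pid, "time": ts}
            events.append(cur)
        cur[key] = body[len(FIELDS.get(key, "")):].strip()
    return events

def summary(events):
    """Count alerts per requested host and events whose explanatory first line is absent."""
    hosts = Counter(urlsplit(e.get("url", "")).netloc for e in events)
    return hosts, sum("headline" not in e for e in events)
```

A non-zero second value from `summary()` means the excerpt was cut below the line that states the reason for the alert, so the full log needs to be searched upward from the reported timestamps.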


