On Sun, 27 Nov 2011 23:36:23 +0100, David Touzeau wrote:
Dear
I have this squid version :
Squid Cache: Version 3.2.0.13-20111125-r11436
configure options: '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--localstatedir=/var'
'--libexecdir=/lib/squid3' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--srcdir=.'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--enable-gnuregex' '--enable-forward-log'
'--enable-removal-policy=heap' '--enable-follow-x-forwarded-for'
'--enable-http-violations' '--enable-large-cache-files'
'--enable-removal-policies=lru,heap' '--enable-err-languages=English'
'--enable-default-err-language=English' '--with-maxfd=32000'
'--with-large-files' '--disable-dlmalloc' '--with-pthreads'
'--enable-esi' '--enable-storeio=aufs,diskd,ufs,rock'
'--with-aufs-threads=10' '--with-maxfd=16384'
'--enable-x-accelerator-vary' '--with-dl' '--enable-truncate'
'--enable-linux-netfilter' '--with-filedescriptors=16384'
'--enable-wccpv2' '--enable-eui' '--enable-auth'
'--enable-auth-basic'
'--enable-auth-digest' '--enable-auth-negotiate-helpers'
'--enable-log-daemon-helpers' '--enable-url-rewrite-helpers'
'--enable-auth-ntlm' '--with-default-user=squid'
'--enable-icap-client'
'--enable-cache-digests' '--enable-icap-support' '--enable-poll'
'--enable-epoll' '--enable-async-io' '--enable-delay-pools'
'CFLAGS=-DNUMTHREADS=60 -O3 -pipe -fomit-frame-pointer -funroll-loops
-ffast-math -fno-exceptions'
I cannot browse trough Internet and receive many errors in syslog :
Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:57 gibrat squid[15355]: SECURITY ALERT: on URL:
http://192.168.1.1:49152/rootDesc.xml
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: By user agent:
Opera/9.80 (X11; Linux i686; U; fr) Presto/2.9.168 Version/11.52
Nov 27 23:32:59 gibrat squid[15355]: SECURITY ALERT: on URL:
http://clients1.google.com/complete/search?q=no-ip&client=opera&hl=fr
Is it normal ??
These are the 2nd and 3rd lines of a "Host: header forgery" alert. The
first line explains what is being detected as wrong, these are the
supporting data to help track it down.
Having just read your config details in the other thread, I expect this
is caused by a combination of your incomplete iptables NAT intercept
rules, and testing by configuring the browser to use the proxy NAT port
directly. That type of setup is dangerous and can expect this rejection
in 3.2.
Amos