
Re: SECURITY ALERT: Squid Cache: Version 3.2.0.13

On Wednesday 30 November 2011 at 11:14 +1300, Amos Jeffries wrote:
> On Tue, 29 Nov 2011 22:48:39 +0100, David Touzeau wrote:
> > Dear
> >
> > I'm trying to make Squid Cache: Version 3.2.0.13-20111127-r11436 work in
> > transparent mode
> >
> > But Squid refuses access to some websites
> > for example, google.* is OK
> >
> > but Microsoft is impossible.
> >
> > How do I fix this issue?
> 
>  Track down the client software which is producing the requests.
> 
> >
> > On event :
> >
> 
> 
>  ... missing log line...
> 
> > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: By user agent:
> > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
> > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
> > 3.0.4506.2152; .NET CLR 3.5.30729)
> > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: on URL:
> > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
> 
>  ... missing log line...
> 
> > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: By user agent:
> > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
> > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
> > 3.0.4506.2152; .NET CLR 3.5.30729)
> > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: on URL:
> > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
> 
> 
>  Which brings us back to the question of where the key log line has 
>  disappeared to.
> 
>  The log line which says "Host header forgery from $C ($A does not match 
>  $B)"
> 
>  What those $ values are is important to how to fix it. $C is the 
>  connection details needed to isolate the machine to investigate. $A and 
>  $B the details which it is getting wrong.
> 
>  Amos
> 

But these are the only events that I can see:


~# cat /var/log/syslog |grep -E "squid\[[0-9]+"|tail -n 500



Nov 29 22:25:35 squid2 squid[20578]: Version 1 of swap file with LFS
support detected... 
Nov 29 22:25:35 squid2 squid[20578]: Rebuilding storage
in /var/cache/squid (DIRTY)
Nov 29 22:25:35 squid2 squid[20578]: Using Least Load store dir
selection
Nov 29 22:25:35 squid2 squid[20578]: Set Current Directory
to /var/squid/cache
Nov 29 22:25:35 squid2 squid[20578]: Loaded Icons.
Nov 29 22:25:35 squid2 squid[20578]: HTCP Disabled.
Nov 29 22:25:35 squid2 squid[20578]: Squid plugin modules loaded: 0
Nov 29 22:25:35 squid2 squid[20578]: Adaptation support is off.
Nov 29 22:25:35 squid2 squid[20578]: Ready to serve requests.
Nov 29 22:25:35 squid2 squid[20578]: Done reading /var/cache/squid
swaplog (0 entries)
Nov 29 22:25:35 squid2 squid[20578]: Finished rebuilding storage from
disk.
Nov 29 22:25:35 squid2 squid[20578]:         0 Entries scanned
Nov 29 22:25:35 squid2 squid[20578]:         0 Invalid entries.
Nov 29 22:25:35 squid2 squid[20578]:         0 With invalid flags.
Nov 29 22:25:35 squid2 squid[20578]:         0 Objects loaded.
Nov 29 22:25:35 squid2 squid[20578]:         0 Objects expired.
Nov 29 22:25:35 squid2 squid[20578]:         0 Objects cancelled.
Nov 29 22:25:35 squid2 squid[20578]:         0 Duplicate URLs purged.
Nov 29 22:25:35 squid2 squid[20578]:         0 Swapfile clashes avoided.
Nov 29 22:25:35 squid2 squid[20578]:   Took 0.03 seconds (  0.00
objects/sec).
Nov 29 22:25:35 squid2 squid[20578]: Beginning Validation Procedure
Nov 29 22:25:35 squid2 squid[20578]:   Completed Validation Procedure
Nov 29 22:25:35 squid2 squid[20578]:   Validated 0 Entries
Nov 29 22:25:35 squid2 squid[20578]:   store_swap_size = 0.00 KB
Nov 29 22:25:35 squid2 squid[20578]: Accepting NAT intercepted HTTP
Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=33
Nov 29 22:25:35 squid2 squid[20578]: Accepting HTTP Socket connections
at local=[::]:3129 remote=[::] FD 14 flags=1
Nov 29 22:25:36 squid2 squid[20578]: storeLateRelease: released 0
objects
Nov 29 22:28:00 squid2 squid[20578]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Nov 29 22:28:00 squid2 squid[20578]: SECURITY ALERT: on URL:
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Nov 29 22:28:04 squid2 squid[20578]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Nov 29 22:28:04 squid2 squid[20578]: SECURITY ALERT: on URL:
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome





Can I do something more?
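
The check requested in the quoted reply, as an added example that is not part of the original thread or of Squid itself: it groups Squid SECURITY ALERT syslog lines and reports which groups lack the "Host header forgery from $C ($A does not match $B)" line. Assumptions: the forgery line shares the syslog prefix and timestamp of the other alert lines, the log lines are unwrapped, `summarize_alerts` is a hypothetical name, and the sample values in the second group are constructed.

```python
import re
from collections import defaultdict

# Syslog prefix as it appears in the thread: "Nov 29 22:28:00 squid2 squid[20578]: ..."
SYSLOG = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ squid\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Template quoted in the reply: "Host header forgery from $C ($A does not match $B)"
FORGERY = re.compile(
    r"Host header forgery from (?P<conn>.+?) \((?P<a>.+?) does not match (?P<b>.+)\)")

def summarize_alerts(lines):
    """Group alert lines by (timestamp, pid); flag groups missing the forgery line."""
    groups = defaultdict(dict)
    for line in lines:
        m = SYSLOG.match(line.strip())
        if not m:
            continue
        msg = m["msg"]
        forgery = FORGERY.search(msg)
        if not forgery and "SECURITY ALERT:" not in msg:
            continue  # ordinary startup/status line
        rec = groups[(m["ts"], m["pid"])]
        body = msg.split("SECURITY ALERT:", 1)[-1].strip()
        if forgery:  # $C = connection, $A and $B = the mismatched details
            rec.update(connection=forgery["conn"], a=forgery["a"], b=forgery["b"])
        elif body.startswith("By user agent:"):
            rec["user_agent"] = body[len("By user agent:"):].strip()
        elif body.startswith("on URL:"):
            rec["url"] = body[len("on URL:"):].strip()
    return [dict(rec, time=ts, pid=pid, has_forgery_line="connection" in rec)
            for (ts, pid), rec in groups.items()]

# First group mirrors the thread's log (user agent shortened); the second group
# is constructed, with documentation-range addresses as placeholder values.
SAMPLE = [
    "Nov 29 22:25:35 squid2 squid[20578]: Ready to serve requests.",
    "Nov 29 22:28:00 squid2 squid[20578]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0)",
    "Nov 29 22:28:00 squid2 squid[20578]: SECURITY ALERT: on URL: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
    "Nov 29 22:30:10 squid2 squid[20578]: SECURITY ALERT: Host header forgery from 192.0.2.10:51000 (192.0.2.80 does not match example.test)",
    "Nov 29 22:30:10 squid2 squid[20578]: SECURITY ALERT: By user agent: ExampleAgent/1.0",
    "Nov 29 22:30:10 squid2 squid[20578]: SECURITY ALERT: on URL: http://example.test/",
]

if __name__ == "__main__":
    for alert in summarize_alerts(SAMPLE):
        status = "complete" if alert["has_forgery_line"] else "MISSING forgery line"
        print(alert["time"], alert.get("url"), status, alert.get("connection", "-"))
```

A group reported as missing the forgery line matches the situation in this thread: the user agent and URL are logged, but not the connection needed to find the client machine.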





