
Re: SECURITY ALERT: Squid Cache: Version 3.2.0.13

No problem with 3.2.0.13-20111129-r11445 without transparent mode 

Is there something interesting in access.log?

----- Original Message -----
From: "David Touzeau" <david@xxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Sent: Thursday, 1 December 2011 09:58:47
Subject: Re:  SECURITY ALERT: Squid Cache: Version 3.2.0.13

On Wednesday 30 November 2011 at 11:14 +1300, Amos Jeffries wrote:
> On Tue, 29 Nov 2011 22:48:39 +0100, David Touzeau wrote:
> > Dear
> >
> > I'm trying to make  Squid Cache: Version 3.2.0.13-20111127-r11436 on
> > transparent mode
> >
> > But squid refuses to access some websites
> > for example google.* is ok
> >
> > but microsoft is impossible.
> >
> > How to fix this issue ?
> 
>  Track down the client software which is producing the requests.
> 
> >
> > On event :
> >
> 
> 
>  ... missing log line...
> 
> > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: By user agent:
> > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
> > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
> > 3.0.4506.2152; .NET CLR 3.5.30729)
> > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: on URL:
> > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
> 
>  ... missing log line...
> 
> > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: By user agent:
> > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
> > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
> > 3.0.4506.2152; .NET CLR 3.5.30729)
> > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: on URL:
> > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
> 
> 
>  Which brings us back to the question of where the key log line has 
>  disappeared to.
> 
>  The log line which says "Host header forgery from $C ($A does not match 
>  $B)"
> 
>  What those $ values are is important to how to fix it. $C is the 
>  connection details needed to isolate the machine to investigate. $A and 
>  $B the details which it is getting wrong.
> 
>  Amos
> 


I have made other tests.

Here is the dump.

Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/42/72A83D0D39814D13CA15F184E71D2.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/F4/9DC6A31D2F48971E8CF184EAF3ACFF.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/B5/2BC4D612CC1DB446582EB29AD4FF0.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/B3/F358459610F7EE4285351371CB3A.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/4B/9571894AD3B49F1AFBDFB6A0AB929.gif
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/98/FD8C6B5E35BB28EE6D5D7CAA46C48.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/FF/976AED20082B54679EAB83F1C3.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/48/B6F62B8F241454CD698D3CE9DB625.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/9B/BBD5BC1B0962CA282508E1A7FB4A0.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/1F/C76A82B18F7D1B3C54BA91EC4C250.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/19/876FD0FCBCE1923D3FB6CA6FECD496.jpg
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/7D/52D12418B630F1586B7DD29B40D77D.jpg
Dec  1 09:56:22 squid2 squid[28754]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:22 squid2 squid[28754]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/1C/B916E20FDBAABD2FE380EB8B6AEC.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/46/274F185AF2C2D85E1F2FC5977F13.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/89/9730F0C17E6AA0923B57F951F66C.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/3E/79B4983F93A12DE76E55D51751E1.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/A3/64CA40A819E687F1CB52BF66D902A.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://est.msn.com/as/wea3/i/fr/30.gif
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/BD/3BC65FAD6B399ADBCB3C6FD9EADB46.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb00.s-msn.com/i/94/131CFF71AB21EE8A9EB69B23433160.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL:
http://db2.stb01.s-msn.com/i/14/9F75B0374DDCFA47C519D174ABF1B.jpg
Dec  1 09:56:24 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
Dec  1 09:56:24 squid2 squid[28798]: SECURITY ALERT: on URL:
http://ads2.msads.net/CIS/62/000/000/000/021/771.gif
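
The triage Amos asks for above, as an added example that is not part of the original thread or of Squid: it re-joins the mail-wrapped syslog records, pulls $C, $A and $B out of any "Host header forgery" line, and counts URL alerts that arrived without that key line. The sample log is constructed, and the shape of the $C/$A/$B values (client ip:port, IP, host name) is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Syslog prefix as seen in the thread, e.g. "Dec  1 09:56:22 squid2 squid[28798]: "
PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ squid\[\d+\]: (.*)$")
# Wording as quoted in the thread; $C, $A and $B are captured verbatim.
FORGERY = re.compile(r"Host header forgery from (.+?) \((.+) does not match (.+)\)$")
TAG = "SECURITY ALERT: "

def unwrap(lines):  # re-join records the mail client wrapped onto several lines
    records = []
    for line in filter(None, (l.strip() for l in lines)):
        if PREFIX.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(lines):
    """Collect $C/$A/$B per forgery line; count URL alerts lacking that line."""
    forgeries, hosts, agents = [], Counter(), Counter()
    for rec in unwrap(lines):
        m = PREFIX.match(rec)
        if not m or not m.group(1).startswith(TAG):
            continue
        body = m.group(1)[len(TAG):]
        f = FORGERY.match(body)
        if f:
            forgeries.append(dict(zip(("C", "A", "B"), f.groups())))
        elif body.startswith("on URL: "):
            hosts[urlsplit(body[8:]).hostname] += 1
        elif body.startswith("By user agent: "):
            agents[body[15:]] += 1
    missing = max(0, sum(hosts.values()) - len(forgeries))
    return {"forgeries": forgeries, "hosts": hosts, "agents": agents,
            "alerts_without_key_line": missing}

# Constructed sample in the thread's wrapped layout; addresses are placeholders.
SAMPLE = """\
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Dec  1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL:
http://www.example.com/a.jpg
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: Host header forgery from
192.0.2.10:51234 (203.0.113.5 does not match www.example.net)
Dec  1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://www.example.net/b.gif
""".splitlines()
print(triage(SAMPLE))
```

A non-zero `alerts_without_key_line` is the situation discussed in this thread: the user-agent and URL lines are present but the line naming the client connection is not.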





