No problem with 3.2.0.13-20111129-r11445 without transparent mode There is something interresting in access.log ? ----- Mail original ----- De: "David Touzeau" <david@xxxxxxxxxx> À: squid-users@xxxxxxxxxxxxxxx Envoyé: Jeudi 1 Décembre 2011 09:58:47 Objet: Re: SECURITY ALERT: Squid Cache: Version 3.2.0.13 Le mercredi 30 novembre 2011 à 11:14 +1300, Amos Jeffries a écrit : > On Tue, 29 Nov 2011 22:48:39 +0100, David Touzeau wrote: > > Dear > > > > I'm trying to make Squid Cache: Version 3.2.0.13-20111127-r11436 on > > transparent mode > > > > But squid refuse to access to some websites > > for example google.* is ok > > > > but microsoft is impossible. > > > > How to fix this issue ? > > Track down the client software which is producing the requests. > > > > > On event : > > > > > ... missing log line... > > > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: By user agent: > > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; > > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR > > 3.0.4506.2152; .NET CLR 3.5.30729) > > Nov 29 22:18:57 squid2 squid[11257]: SECURITY ALERT: on URL: > > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome > > ... missing log line... > > > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: By user agent: > > Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; > > InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR > > 3.0.4506.2152; .NET CLR 3.5.30729) > > Nov 29 22:18:59 squid2 squid[11257]: SECURITY ALERT: on URL: > > http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome > > > Which brings us back to the question of where the key log line has > disappeared to. > > The log line which says "Host header forgery from $C ($A does not match > $B)" > > What those $ values are is important to how to fix it. $C is the > connection details needed to isolate the machine to investigate. $A and > $B the details which it is getting wrong. > > Amos > I have made others tests HEre it is the dump. Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/42/72A83D0D39814D13CA15F184E71D2.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/F4/9DC6A31D2F48971E8CF184EAF3ACFF.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/B5/2BC4D612CC1DB446582EB29AD4FF0.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/B3/F358459610F7EE4285351371CB3A.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/4B/9571894AD3B49F1AFBDFB6A0AB929.gif Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/98/FD8C6B5E35BB28EE6D5D7CAA46C48.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/FF/976AED20082B54679EAB83F1C3.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/48/B6F62B8F241454CD698D3CE9DB625.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/9B/BBD5BC1B0962CA282508E1A7FB4A0.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/1F/C76A82B18F7D1B3C54BA91EC4C250.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/19/876FD0FCBCE1923D3FB6CA6FECD496.jpg Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/7D/52D12418B630F1586B7DD29B40D77D.jpg Dec 1 09:56:22 squid2 squid[28754]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:22 squid2 squid[28754]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/1C/B916E20FDBAABD2FE380EB8B6AEC.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/46/274F185AF2C2D85E1F2FC5977F13.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/89/9730F0C17E6AA0923B57F951F66C.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/3E/79B4983F93A12DE76E55D51751E1.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/A3/64CA40A819E687F1CB52BF66D902A.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://est.msn.com/as/wea3/i/fr/30.gif Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/BD/3BC65FAD6B399ADBCB3C6FD9EADB46.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb00.s-msn.com/i/94/131CFF71AB21EE8A9EB69B23433160.jpg Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:23 squid2 squid[28798]: SECURITY ALERT: on URL: http://db2.stb01.s-msn.com/i/14/9F75B0374DDCFA47C519D174ABF1B.jpg Dec 1 09:56:24 squid2 squid[28798]: SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; MS-RTC LM 8; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Dec 1 09:56:24 squid2 squid[28798]: SECURITY ALERT: on URL: http://ads2.msads.net/CIS/62/000/000/000/021/771.gif