Thanks Amos for your good work, from squid-3.2.0.13 and squid-3.2.0.14 version we facing a big problem with SECURITY ALERT: By user agent and SECURITY ALERT: on URL the squid box and the clients using the same DNS servers, what mean flags=33 and flags=17 in the cache log file and how I can disable the SECURITY ALERT. squid config http_port 192.168.95.20:3129 transparent iptables: iptables -t nat -A WEBPROXY -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3129 cache.log 2011/12/13 09:23:48.529 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 2011/12/13 09:23:48.529 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ajax/chat/send.php?__a=1 2011/12/13 09:23:48.597 kid1| SECURITY ALERT: Host header forgery detected on local=66.220.147.33:80 remote=10.0.2.45:37086 FD 270 flags=33 (l ocal IP does not match any domain IP) 2011/12/13 09:23:48.597 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1 2011/12/13 09:23:48.597 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ajax/chat/user_info.php?__a=1&ids[0]=1521437876&__user=100000212 560683 2011/12/13 09:23:48.710 kid1| SECURITY ALERT: Host header forgery detected on local=69.171.242.11:80 remote=10.0.10.61:50241 FD 241 flags=33 ( local IP does not match any domain IP) 2011/12/13 09:23:48.710 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 2011/12/13 09:23:48.710 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ajax/typeahead/search.php?__a=1&value=%D8%AD%D8%B0%D9%8A%D9%81%D 8%A9%20&viewer=100003230327449&rsp=search&context=search&sid=0.5034341039885455&__user=100003230327449 2011/12/13 09:23:48.899 kid1| SECURITY ALERT: Host header forgery detected on local=66.220.158.18:80 remote=10.0.0.237:4549 FD 310 flags=33 (l ocal IP does not match any domain IP) 2011/12/13 09:23:48.899 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 2011/12/13 09:23:48.899 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ajax/messaging/typ.php?__a=1 2011/12/13 09:23:48.962 kid1| SECURITY ALERT: Host header forgery detected on local=50.23.103.21:80 remote=10.0.10.79:57761 FD 340 flags=33 (l ocal IP does not match any domain IP) 2011/12/13 09:23:48.962 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2 .0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C) 2011/12/13 09:23:48.962 kid1| SECURITY ALERT: on URL: http://mntr.facemoods.com/mntr/1.1.0.4/mtiecore.js 2011/12/13 09:23:49.342 kid1| SECURITY ALERT: Host header forgery detected on local=66.220.158.18:80 remote=10.0.0.237:4550 FD 183 flags=33 (l ocal IP does not match any domain IP) Thanks and Best Regards, Saleh > The Squid HTTP Proxy team is very pleased to announce the > availability of the Squid-3.2.0.14 beta release! > > > This release fixes many of the assertion and segmentation fault bugs > found over the prior 3.2 beta releases. There are some few regressions > still remaining to be found. > > > * The regression in earlier 3.2 betas spoofing client IP properly for > TPROXY has been fixed. > > * ext_session_acl helper upgraded to version 1.2. This version is > updated to use modern BerkeleyDB 4.1+ APIs for improved support of > synchronisation amongst multiple helper processes. > > * The missing ERR_DNS_FAIL error messages on DNS lookup failure has > been restored. > > * ssl-bump decryption in Squid can now send a CA chain for generated > certificates. This allows a local intermediate CA to sign the CA > certificate used by the generator. Further assistance with testing that > is welcome. > > * adaptation_meta directive has been added to pass custom headers to > ICAP or eCAP services. > > * QoS support has been extended to allow masking the values relayed > through Squid. This allows Squid to merge a tag value of its own with > the value being relayed through. > > * SMP shared memory statistics are now collected and displayed in the > cache manager reports. > > > As usual this release contains all the fixes passed on to 3.1 series > alongside its own changes. > > See the ChangeLog for the list of other minor changes in this release. > > All users interested in 3.2 features are encouraged to assist testing > this release. > > > Please refer to the release notes at > http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html > when you are ready to make the switch to Squid-3.2 > > Upgrade tip: > "squid -k parse" is starting to display even more useful hints about > squid.conf changes. > > This new release can be downloaded from our HTTP or FTP servers > > http://www.squid-cache.org/Versions/v3/3.2/ > ftp://ftp.squid-cache.org/pub/squid/ > ftp://ftp.squid-cache.org/pub/archive/3.2/ > > or the mirrors. For a list of mirror sites see > > http://www.squid-cache.org/Download/http-mirrors.html > http://www.squid-cache.org/Download/mirrors.html > > If you encounter any issues with this release please file a bug report. > http://bugs.squid-cache.org/ > > > Amos Jeffries > >
