Dears all, The "www.facebook.com" not work in the TPROXY mode because the problem of the "Host header forgery detected", the TPROXY is nice feature and we needed it for the spoofing the client IP address. I think the squid developers need to Think about this problem, I hope we can fix this problem. Note: other website have the same problem like "translate.google.ps" Thanks and Best Regards, Saleh 2011/12/14 09:39:34.019 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:35.609 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:35.609 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:35.609 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:35.877 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:35.877 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:35.877 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:37.376 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 18 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:37.376 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:37.376 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:37.640 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:37.640 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:37.640 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:39.419 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:39.419 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:39.419 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 09:39:39.686 kid1| SECURITY ALERT: Host header forgery detected on local=69.63.181.16:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 09:39:39.686 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 09:39:39.686 kid1| SECURITY ALERT: on URL: http://www.facebook.com/ 2011/12/14 10:54:59.082 kid1| SECURITY ALERT: Host header forgery detected on local=209.85.148.138:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 10:54:59.082 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 10:54:59.082 kid1| SECURITY ALERT: on URL: http://translate.google.ps/translate_a/t?client=t&text=%20nice%20fut&hl=en&sl=en&tl=ar&multires=1&otf=2&ssel=0&tsel=0&sc=1 2011/12/14 10:55:00.846 kid1| SECURITY ALERT: Host header forgery detected on local=209.85.148.138:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 10:55:00.846 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 10:55:00.846 kid1| SECURITY ALERT: on URL: http://translate.google.ps/translate_a/t?client=t&text=%20nice%20futuare&hl=en&sl=en&tl=ar&multires=1&otf=1&ssel=0&tsel=0&sc=1 2011/12/14 10:55:02.451 kid1| SECURITY ALERT: Host header forgery detected on local=209.85.148.138:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) 2011/12/14 10:55:02.451 kid1| SECURITY ALERT: By user agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 ZarafaCheck/1.1.1.20080624.110 2011/12/14 10:55:02.451 kid1| SECURITY ALERT: on URL: http://translate.google.ps/translate_a/t?client=t&text=%20nice%20futuare%20&hl=en&sl=en&tl=ar&multires=1&otf=1&ssel=0&tsel=0&sc=1 2011/12/14 10:55:18.598 kid1| SECURITY ALERT: Host header forgery detected on local=209.85.148.138:80 remote=217.xxx.xxx.178 FD 13 flags=17 (local IP does not match any domain IP) > On Tue, 13 Dec 2011 16:20:57 +0200, Eliezer Croitoru wrote: >> why dont you use the interception\transparent mode instead of TPROXY? >> for your setup it seems just the perfect idea. >> i'm using a range setup like this: >> -A PREROUTING -p tcp -m tcp -m iprange ! -d 192.168.0.0/16 -i eth1 >> --dport 80 -j REDIRECT --to-ports 3128 --src-range >> 192.168.0.0-192.168.0.190 >> >> with >> http_port 192.168.0.1:3128 intercept >> >> and it works like a charm. > > FYI: this is his config although using the deprecated "transparent" > flag instead of "intercept". And TPROXY is the better one to use than > NAT, albeit more complicated. > > The main problem now seems to be his hang-up on the idea that > "configuration of browsers" means manually visiting each client. > Ignoring the fact that every mention so far has been about using WPAD > for automated configuration of unlimited numbers of clients with a > one-off action. > > Amos > >
