----- Original Message ----- From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxx > One big change in 3.2.0.14 related to TPROXY traffic handling. A bug in host_strict_verify was fixed, making the validation > bypass properly when the (default) non-strict was configured. > > - check that this host_strict_verify directive is ABSENT from your config file, or at very least set to OFF. There is not such directive in my config file. > > - check your cache.log for host forgery security alerts, or forwarding loop warnings when these requests are being made. > > - check your cache.log file for invalid request parsing messages. This may require "debug_options ALL,1" to be configured. The cache.log has these :- 2012/07/24 12:38:34.628| SECURITY ALERT: Host header forgery detected on local=219.93.13.235:80 remote=192.168.1.3 FD 13 flags=17 (local IP does not match any domain IP) 2012/07/24 12:38:34.628| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; (R1 1.6); .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 2012/07/24 12:38:34.628| SECURITY ALERT: on URL: http://us.mg6.mail.yahoo.com/neo/launch?.rand=5fsn8p9a1efna What is the significance ? Is it that my test client machine is infected by virus adware or what ?
