Hi all, After an upgrade of squid3 to version 3.3.8-1ubuntu6, I got the unpleasant surprise of what is called the "Host header forgery policy". I've read the documentation of this part, and although I understand the motivation of its implementation, I honestly see not very practical implementing this without the possibility of disabling it, basically because not all scenarios fit the requirements written on the documentation. I have about 30 clients and I've configured squid3 to be a transparent proxy on port 3128 on a remote server. The entry point is port 8080 which is then redirected on the same host to the port 3128. However, *any* opened URL throws the warning: 2014/07/14 19:21:52.612| SECURITY ALERT: Host header forgery detected on local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33 (local IP does not match any domain IP) 2014/07/14 19:21:52.612| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 2014/07/14 19:21:52.612| SECURITY ALERT: on URL: google.com:443 2014/07/14 19:21:52.612| abandoning local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33 I have manually configured the browser of these clients - the problem is that in the company's network I have my DNS servers and on the remote host (where the Squid server is running) there are others, and as this is hosted by an external company which doesn't allow changing those DNS nameservers, I wonder what to do? Is there any solution at this point? Thanks.
