
Re: Host header forgery policy


 



Hey There,

I do not know your setup but if you run:
dig domain.com
and the results are different from what the client tries to request, it seems to be like a Host Header Forgery. In the case of Google, it seems like Google, instead of pointing to one of your servers, points to a local server, but I cannot know which one it is. You know your network the best, and if the client and Squid use different DNS servers this would be the result.

The basic fix to that will be to use the same DNS for both squid and the client.

Regards,
Eliezer

On 07/14/2014 08:46 PM, Edwin Marqe wrote:
I have about 30 clients and I've configured squid3 to be a transparent
proxy on port 3128 on a remote server. The entry point is port 8080
which is then redirected on the same host to the port 3128.

However, *any* opened URL throws the warning:

2014/07/14 19:21:52.612| SECURITY ALERT: Host header forgery detected
on local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33 (local IP
does not match any domain IP)
2014/07/14 19:21:52.612| SECURITY ALERT: By user agent: Mozilla/5.0
(Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
2014/07/14 19:21:52.612| SECURITY ALERT: on URL: google.com:443
2014/07/14 19:21:52.612| abandoning local=10.10.0.1:8080
remote=10.10.0.6:59150 FD 9 flags=33

I have manually configured the browser of these clients - the problem
is that in the company's network I have my DNS servers and on the
remote host (where the Squid server is running) there are others, and
as this is hosted by an external company which doesn't allow changing
those DNS nameservers, I wonder what to do? Is there any solution at
this point?

Thanks.
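
The comparison suggested in the reply above, as an added example that is not part of the original thread: it parses the alert lines from the post (e-mail wrapping undone) and checks the logged local IP against each side's DNS answers. The two answer tables are constructed stand-ins for `dig +short` output from the client's and the proxy's DNS servers, and the function names are hypothetical.

```python
import re

# Alert lines from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
2014/07/14 19:21:52.612| SECURITY ALERT: Host header forgery detected on local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33 (local IP does not match any domain IP)
2014/07/14 19:21:52.612| SECURITY ALERT: By user agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
2014/07/14 19:21:52.612| SECURITY ALERT: on URL: google.com:443
2014/07/14 19:21:52.612| abandoning local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33
"""

# Constructed answers (documentation address ranges) standing in for
# `dig +short google.com` run against each side's DNS servers.
CLIENT_DNS = {"google.com": {"192.0.2.10", "192.0.2.11"}}
PROXY_DNS = {"google.com": {"198.51.100.20"}}

ALERT = re.compile(r"Host header forgery detected on "
                   r"local=([\d.]+):\d+ remote=([\d.]+):\d+")
ON_URL = re.compile(r"SECURITY ALERT: on URL: (\S+)")

def host_of(url):
    """Host part of 'google.com:443' or 'http://host/path' (IPv4/names only)."""
    authority = url.split("://", 1)[-1].split("/", 1)[0]
    return authority.rsplit(":", 1)[0].lower()

def parse_alerts(log):
    """Group each forgery alert with the 'on URL' line that follows it."""
    alerts = []
    for line in log.splitlines():
        m = ALERT.search(line)
        if m:
            alerts.append({"local": m.group(1), "client": m.group(2), "host": None})
        elif alerts and alerts[-1]["host"] is None:
            u = ON_URL.search(line)
            if u:
                alerts[-1]["host"] = host_of(u.group(1))
    return alerts

def diagnose(alert, client_dns, proxy_dns):
    """Compare both resolvers' answers and test the logged local IP against them."""
    client_ips = client_dns.get(alert["host"], set())
    proxy_ips = proxy_dns.get(alert["host"], set())
    return {
        "host": alert["host"],
        "resolvers_disagree": client_ips.isdisjoint(proxy_ips),
        "local_in_proxy_dns": alert["local"] in proxy_ips,
        "local_in_client_dns": alert["local"] in client_ips,
    }

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_LOG):
        print(a["client"], diagnose(a, CLIENT_DNS, PROXY_DNS))
```

A true `resolvers_disagree` is the situation the reply describes; a false `local_in_proxy_dns` is the condition the alert text reports as "local IP does not match any domain IP".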




