-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27/01/2015 11:13 a.m., Yuri Voinov wrote: > > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > Hi gents, > > who knows - what does it mean below? > > 2015/01/27 04:11:42.289 kid1| SECURITY ALERT: Host header forgery > detected on local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 > flags=33 (intercepted port does not match 443) 2015/01/27 > 04:11:42.289 kid1| SECURITY ALERT: By user agent: 2015/01/27 > 04:11:42.289 kid1| SECURITY ALERT: on URL: > stnd-lueg.crsi.symantec.com:443 2015/01/27 04:11:42.289 kid1| > abandoning local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 > flags=33 http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery Notice how the origin-server request being intercepted on port *80* says its on port *443*. This is either one of the actual attacks the forgery protection was put in place to prevent (yeas they do happen). Or you have a NAT somewhere mapping port 443 onto port 80 before it gets to the proxy machine. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUxxbvAAoJELJo5wb/XPRjTdQIAIOcNaLxWDrXqea1kNR1w+s5 sojo3GdYRDxCZpnFkacHfvP3gKh6lGvCBOGztVx9u0Xn9Jce8VBKwgf0nUTeYOX3 nIzpwFTONpSAEo1LJDbuilbciQh6uSj5TFWJK4XhHlARURWWTAax1+9SZZHpTKt0 MulqF0nmka+qqeETVZ19qpTowbEmdD8NLI4k5e9xDwUGXicSuy5tpGYsxZKM3vbB muIexuZlAajsIK7MyFepipvGqMLbQ86O/Pi7fgyCjK9ZMzimAdvygi/gv2kJiXmt YzWPXqROX4qXrnmU24W4HBFdZXTzl9Al3Z+oqRpFlzGs2yWVXVFBJLwa19IDM9A= =efCQ -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
