Search squid archive

Re: Host header forgery detected

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27/01/2015 11:13 a.m., Yuri Voinov wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> 
> Hi gents,
> 
> who knows - what does it mean below?
> 
> 2015/01/27 04:11:42.289 kid1| SECURITY ALERT: Host header forgery 
> detected on local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 
> flags=33 (intercepted port does not match 443) 2015/01/27
> 04:11:42.289 kid1| SECURITY ALERT: By user agent: 2015/01/27
> 04:11:42.289 kid1| SECURITY ALERT: on URL: 
> stnd-lueg.crsi.symantec.com:443 2015/01/27 04:11:42.289 kid1|
> abandoning local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18
> flags=33


http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery


Notice how the origin-server request being intercepted on port *80*
says its on port *443*.

This is either one of the actual attacks the forgery protection was
put in place to prevent (yeas they do happen). Or you have a NAT
somewhere mapping port 443 onto port 80 before it gets to the proxy
machine.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUxxbvAAoJELJo5wb/XPRjTdQIAIOcNaLxWDrXqea1kNR1w+s5
sojo3GdYRDxCZpnFkacHfvP3gKh6lGvCBOGztVx9u0Xn9Jce8VBKwgf0nUTeYOX3
nIzpwFTONpSAEo1LJDbuilbciQh6uSj5TFWJK4XhHlARURWWTAax1+9SZZHpTKt0
MulqF0nmka+qqeETVZ19qpTowbEmdD8NLI4k5e9xDwUGXicSuy5tpGYsxZKM3vbB
muIexuZlAajsIK7MyFepipvGqMLbQ86O/Pi7fgyCjK9ZMzimAdvygi/gv2kJiXmt
YzWPXqROX4qXrnmU24W4HBFdZXTzl9Al3Z+oqRpFlzGs2yWVXVFBJLwa19IDM9A=
=efCQ
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux