|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh, shi...... It can't be on proxy host or other infrastructure. It can be on these client...... Let's check. 27.01.2015 10:41, Amos Jeffries пишет: > On 27/01/2015 11:13 a.m., Yuri Voinov wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > > Hi gents, > > > who knows - what does it mean below? > > > 2015/01/27 04:11:42.289 kid1| SECURITY ALERT: Host header forgery > > detected on local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 > > flags=33 (intercepted port does not match 443) 2015/01/27 > > 04:11:42.289 kid1| SECURITY ALERT: By user agent: 2015/01/27 > > 04:11:42.289 kid1| SECURITY ALERT: on URL: > > stnd-lueg.crsi.symantec.com:443 2015/01/27 04:11:42.289 kid1| > > abandoning local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 > > flags=33 > > > http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery > > > Notice how the origin-server request being intercepted on port *80* > says its on port *443*. > > This is either one of the actual attacks the forgery protection was > put in place to prevent (yeas they do happen). Or you have a NAT > somewhere mapping port 443 onto port 80 before it gets to the proxy > machine. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUx1juAAoJENNXIZxhPexGD/4IAKWWJ7Uf29cxIOCwOcMZwkYv vu/h2FV/hf7W7ZK2XTAr2a2kcCR4YKamlHcftd1/jT9EMLCRhj87xicLoLSqjyJJ ONAPP6OOy7ib8cNGyEpUhoYL9pui32iwv/lLFQZro7c1cvuJZFheg3RMqXMG4q7l XAWFiKPsTl8vZ5pWQIrmkeuqBoee6XHZmBErGY/cIcEcn0bAlxMQLgyC1wNg136l cqZxk5f55SZ03fy+pivjUgy16vWJx5pJyDMJIJh79x7hbE9ZilTDRGnf81+Sie5s 80QmQh17pWMmT9o7CDFG6FdOcDtpn386D7OECrJZYCiorKIctRevF+I/sCQfj3c= =IQmE -----END PGP SIGNATURE----- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
