Re: SECURITY ALARM, once more


On 21/06/2016 9:44 p.m., reinerotto wrote:
>> stay in sync 
> naturally 90-something percent of the time. <
> I have a local dnsmasq running. squid and all clients synced to it.
> But the last 10% seem to cause the SECURITY ALERT.
> 
> 
> 2016/06/21 12:17:51.672 kid1| SECURITY ALERT: Host header forgery detected
> on local=nn.nnn.nnn.nnn:443 remote=10.1.0.126:62222 FD 199 flags=33 (local
> IP does not match any domain IP)
> 2016/06/21 12:17:51.672 kid1| SECURITY ALERT: on URL: ib.adnxs.com:443
> 
> In case this message shows up, is the connection terminated?
> 

The request continues to be handled the same as any other, except that it is
not cached and only allowed to go upstream to the same destination IP
address the client was trying to use (ORIGINAL_DST).

I'm not completely sure what happens to the SSL-Bump fake CONNECT
requests when the SNI value causes the alert. The fake request has the
above settings flagged, but the SSL-Bump logic may or may not follow
through for the decrypted requests. Those sub-requests should have the
validation check applied separately for their particular Hosts anyway,
so maybe different results at that point.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
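
An added example, not part of the original thread or of Squid itself: a small parser that pairs the two-line alert shown in the quoted log and counts alerts per client and requested URL, to show which destinations fall out of DNS sync. The sample lines are constructed (documentation IP ranges and example hostnames), and the code assumes each alert line is unwrapped in cache.log.

```python
import re
from collections import Counter

# First line of an alert: intercepted destination (local=), client (remote=), reason.
ALERT = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<kid>kid\d+)\| SECURITY ALERT: Host header forgery detected "
    r"on local=(?P<dst>\S+) remote=(?P<client>\S+) .*\((?P<reason>[^)]*)\)\s*$")
# Second line: the URL (host:port for CONNECT) the client asked for.
URL = re.compile(r"^(?P<ts>\S+ \S+) (?P<kid>kid\d+)\| SECURITY ALERT: on URL: (?P<url>\S+)")

def parse_alerts(lines):
    """Pair each 'forgery detected' line with the 'on URL' line that follows it
    from the same worker (kid). An alert whose URL line is missing keeps url=None."""
    pending, alerts = {}, []
    for line in lines:
        m = ALERT.match(line)
        if m:
            rec = dict(m.groupdict(), url=None)
            alerts.append(rec)
            pending[m["kid"]] = rec
            continue
        m = URL.match(line)
        if m and m["kid"] in pending:
            pending.pop(m["kid"])["url"] = m["url"]
    return alerts

def summarize(alerts):
    """Count alerts per (client IP, requested URL)."""
    return Counter((a["client"].rsplit(":", 1)[0], a["url"]) for a in alerts)

# Constructed sample input in the format quoted in the thread.
SAMPLE = """
2016/06/21 12:17:51.672 kid1| SECURITY ALERT: Host header forgery detected on local=203.0.113.10:443 remote=10.1.0.126:62222 FD 199 flags=33 (local IP does not match any domain IP)
2016/06/21 12:17:51.672 kid1| SECURITY ALERT: on URL: ads.example.net:443
2016/06/21 12:18:02.101 kid1| SECURITY ALERT: Host header forgery detected on local=203.0.113.11:443 remote=10.1.0.126:62240 FD 201 flags=33 (local IP does not match any domain IP)
2016/06/21 12:18:02.101 kid1| SECURITY ALERT: on URL: ads.example.net:443
2016/06/21 12:18:05.000 kid1| unrelated log line
2016/06/21 12:19:10.400 kid1| SECURITY ALERT: Host header forgery detected on local=198.51.100.7:80 remote=10.1.0.40:51000 FD 33 flags=33 (local IP does not match any domain IP)
2016/06/21 12:19:10.400 kid1| SECURITY ALERT: on URL: http://cdn.example.org/a.js
"""

if __name__ == "__main__":
    for (client, url), n in summarize(parse_alerts(SAMPLE.splitlines())).most_common():
        print(f"{n:3d}  {client:15s}  {url}")
```

A (client, URL) pair that recurs with several different `local=` addresses points at a name whose DNS answers rotate faster than the client and Squid stay in sync.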