Hello, we have intercepting squid on one router and these messages started appear sometimes: 2020/05/11 13:41:23 kid1| SECURITY ALERT: Host header forgery detected on local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 (intercepted port does not match 443) 2020/05/11 13:41:23 kid1| SECURITY ALERT: By user agent: Microsoft BITS/6.7 2020/05/11 13:41:23 kid1| SECURITY ALERT: on URL: armmf.adobe.com:443 2020/05/11 13:41:23 kid1| kick abandoning local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 I am aware of possible interception issues but what exactly does this message mean? The original destination port is 80, why does squid complain about it not being port 443? the iptable rules: Chain PREROUTING (policy ACCEPT 1759K packets, 217M bytes) pkts bytes target prot opt in out source destination 37068 1966K REDIRECT tcp -- lan0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8888 thanks. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
