On 12/05/20 1:01 am, Matus UHLAR - fantomas wrote:
> Hello,
>
> we have intercepting squid on one router and these messages started to appear
> sometimes:
>
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: Host header forgery detected
> on local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 (intercepted
> port does not match 443)
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: By user agent: Microsoft BITS/6.7
> 2020/05/11 13:41:23 kid1| SECURITY ALERT: on URL: armmf.adobe.com:443
> 2020/05/11 13:41:23 kid1| kick abandoning local=[XXX]:80
> remote=192.168.1.224:1040 FD 69 flags=33
>
> I am aware of possible interception issues but what exactly does this
> message mean? The original destination port is 80, why does squid complain
> about it not being port 443?

The HTTP Host header says the client was connecting to a server on port 443.
Yet the TCP packets came, as you say, from port 80.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
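
For triage of the alert discussed in this thread, the following added example (not part of the original messages and not Squid code) groups each "Host header forgery detected" entry with the user-agent and URL lines that follow it, so the intercepted port can be compared with the port named in the request per client. The regular expressions assume the cache.log layout seen in the quoted lines; the function names and the rejoined sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the alert quoted in the post, with the e-mail line
# wrapping undone so each cache.log entry sits on one line.
SAMPLE_LOG = """\
2020/05/11 13:41:23 kid1| SECURITY ALERT: Host header forgery detected on local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33 (intercepted port does not match 443)
2020/05/11 13:41:23 kid1| SECURITY ALERT: By user agent: Microsoft BITS/6.7
2020/05/11 13:41:23 kid1| SECURITY ALERT: on URL: armmf.adobe.com:443
2020/05/11 13:41:23 kid1| kick abandoning local=[XXX]:80 remote=192.168.1.224:1040 FD 69 flags=33
"""

# Assumed layout, taken from the lines above (hypothetical helper patterns).
HEAD = re.compile(
    r"^(?P<ts>\S+ \S+) \S+\| SECURITY ALERT: Host header forgery detected on "
    r"local=(?P<local>\S+):(?P<lport>\d+) remote=(?P<client>\S+):\d+ "
    r".*\((?P<reason>[^)]*)\)\s*$"
)
FOLLOW = re.compile(r"\| SECURITY ALERT: (?P<key>By user agent|on URL): (?P<val>.*)$")


def parse_forgery_alerts(text):
    """Group each forgery alert with the user-agent and URL lines that follow it."""
    events, current = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            current = m.groupdict()
            current["intercepted_port"] = int(current.pop("lport"))
            events.append(current)
            continue
        m = FOLLOW.search(line)
        if m and current is not None:
            field = "user_agent" if m["key"] == "By user agent" else "url"
            current[field] = m["val"].strip()
        elif not m:
            current = None  # any other line ends the alert group
    return events


def summarize(events):
    """Count alerts per (client, user agent, URL) to show who triggers them."""
    return Counter((e["client"], e.get("user_agent"), e.get("url")) for e in events)


if __name__ == "__main__":
    for key, n in summarize(parse_forgery_alerts(SAMPLE_LOG)).items():
        print(n, *key)
```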