Hey There,
I do not know your setup but if you run:
dig domain.com
and the results are different from what the client tries to request it
seems to be a Host Header Forgery like..
In the case of google, it seems like google instead of pointing to one
of your servers points to a local server but I cannot know which one is it.
You know your network the best and if the client and squid uses
different DNS servers this would be the result.
The basic fix to that will be to use the same DNS for both squid and the
client.
Regards,
Eliezer
On 07/14/2014 08:46 PM, Edwin Marqe wrote:
> I have about 30 clients and I've configured squid3 to be a transparent
> proxy on port 3128 on a remote server. The entry point is port 8080
> which is then redirected on the same host to the port 3128.
>
> However,*any* opened URL throws the warning:
>
> 2014/07/14 19:21:52.612| SECURITY ALERT: Host header forgery detected
> on local=10.10.0.1:8080 remote=10.10.0.6:59150 FD 9 flags=33 (local IP
> does not match any domain IP)
> 2014/07/14 19:21:52.612| SECURITY ALERT: By user agent: Mozilla/5.0
> (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
> 2014/07/14 19:21:52.612| SECURITY ALERT: on URL: google.com:443
> 2014/07/14 19:21:52.612| abandoning local=10.10.0.1:8080
> remote=10.10.0.6:59150 FD 9 flags=33
>
> I have manually configured the browser of these clients - the problem
> is that in the company's network I have my DNS servers and on the
> remote host (where the Squid server is running) there are others, and
> as this is hosted by an external company which doesn't allow changing
> those DNS nameservers, I wonder what to do? Is there any solution at
> this point?
>
> Thanks.
Received on Mon Jul 14 2014 - 18:11:34 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 15 2014 - 12:00:08 MDT