----- Original Message -----
From: Amos Jeffries <squid3_at_treenet.co.nz>
To: squid-users_at_squid-cache.org
> One big change in 3.2.0.14 related to TPROXY traffic handling. A bug in host_strict_verify was fixed, making the validation > bypass properly when the (default) non-strict was configured.
>
> - check that this host_strict_verify directive is ABSENT from your config file, or at very least set to OFF.
There is not such directive in my config file.
>
> - check your cache.log for host forgery security alerts, or forwarding loop warnings when these requests are being made.
>
> - check your cache.log file for invalid request parsing messages. This may require "debug_options ALL,1" to be configured.
The cache.log has these :-
2012/07/24 12:38:34.628| SECURITY ALERT: Host header forgery detected on local=219.93.13.235:80 remote=192.168.1.3 FD 13 flags=17 (local IP does not match any domain IP)
2012/07/24 12:38:34.628| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; (R1 1.6); .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)
2012/07/24 12:38:34.628| SECURITY ALERT: on URL: http://us.mg6.mail.yahoo.com/neo/launch?.rand=5fsn8p9a1efna
What is the significance ? Is it that my test client machine is infected by virus adware or what ?
Received on Tue Jul 24 2012 - 04:54:03 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 24 2012 - 12:00:02 MDT