Re: [squid-users] SECURITY ALERT: Squid Cache: Version

From: Amos Jeffries <>
Date: Fri, 02 Dec 2011 15:05:27 +1300

Hooray progress :)

On 2/12/2011 5:49 a.m., David Touzeau wrote:
> Here is the log in debug mode:
> ----------
> 2011/12/01 17:49:14.106 kid1| HTTP Client local=
> remote= FD 30 flags=33
> 2011/12/01 17:49:14.106 kid1| HTTP Client REQUEST:
> ---------
> GET /v9/windowsupdate/a/selfupdate/WSUS3/x86/Other/ HTTP/1.1
> Accept: */*
> User-Agent: Windows-Update-Agent
> Host:
> Connection: Keep-Alive

K. first problem:
# host
... has address has address has address

Client is connecting to server port 80. Which is clearly
not "" according to the official DNS entries I
can see. It is likely you have another set of IPs entirely, so please
confirm that by running "host" on the Squid box.

Note that transparent Squid requires the same DNS "view" as the clients
to keep the traffic flowing to the right places. Since it should be in
the same network as the clients for transparent to work anyway this is
not usually a problem. But can appear if you or the client is doing
anything fancy with DNS server configurations.

NP: if happens to be a local WSUS server you need to
configure your local DNS to pass that info on to Squid for the relevant
WSUS hosted domains. You will also benefit from Squid helping to enforce
that MS update traffic stays on-LAN.

Received on Fri Dec 02 2011 - 02:05:36 MST
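
Added example, not part of the message above or of Squid itself: the comparison the reply asks for, written as a shell script that checks whether the IP a client connected to is among the A records for the request's Host name, as resolved on the Squid box and as resolved by the client. The hostname, addresses and function names are constructed placeholders (documentation ranges), not values from the thread.

```shell
#!/bin/sh
# Constructed sample data throughout: placeholder hostname and
# documentation-range addresses, not values from the thread.

# Print the IPv4 A records found in `host NAME` output read from stdin.
a_records() {
    sed -n 's/^.* has address \([0-9][0-9.]*\)[[:space:]]*$/\1/p' | sort -u
}

# in_view DST_IP HOST_OUTPUT: succeed if DST_IP is one of the A records.
# grep -Fx matches whole lines only, so 192.0.2.1 does not match 192.0.2.10.
in_view() {
    printf '%s\n' "$2" | a_records | grep -Fxq -- "$1"
}

# classify DST_IP SQUID_VIEW CLIENT_VIEW
#   match          Squid resolves the Host name to the IP the client used
#   view-mismatch  only the client's resolver returns that IP (split DNS)
#   not-in-dns     neither resolver returns that IP for the name
classify() {
    if in_view "$1" "$2"; then
        echo match
    elif in_view "$1" "$3"; then
        echo view-mismatch
    else
        echo not-in-dns
    fi
}

# Constructed `host` output as seen from the Squid box ...
SQUID_VIEW='updates.example.net has address 192.0.2.10
updates.example.net has address 192.0.2.11'
# ... and from a client whose resolver points at a local update server.
CLIENT_VIEW='updates.example.net has address 198.51.100.5'

# On live systems, pass "$(host "$name")" captured on each machine instead.
classify 198.51.100.5 "$SQUID_VIEW" "$CLIENT_VIEW"   # prints view-mismatch
```

A `view-mismatch` result points at the DNS configuration (the proxy and its clients see different records); `not-in-dns` means the destination IP cannot be explained by either resolver and deserves a closer look.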
