[squid-users] Re: transparent proxy on remote box issue

From: WorkingMan <signup_mail2002_at_yahoo.com>
Date: Thu, 24 Oct 2013 07:07:08 +0000 (UTC)

For access denied I found something interesting.

client_side_request.cc(572) hostHeaderIpVerify:
validate IP 127.0.0.1:3130 non-match from Host: IP 165.254.27.105
client_side_request.cc(572) hostHeaderIpVerify:
validate IP 127.0.0.1:3130 non-match from Host: IP 165.254.27.115
client_side_request.cc(575) hostHeaderIpVerify:
FAIL: validate IP 127.0.0.1:3130 possible from Host:
client_side_request.cc(586) hostHeaderVerifyFailed:
SECURITY ALERT: Host header forgery detected on local=127.0.0.1:3130
remote=127.0.0.1:41917 FD 96 flags=33 (local IP does not match any domain IP)
on URL: http://news.cnet.com/

Does this cause access denied? If so is there a way around this?
In the log it says "match found, calling back with DENIED" for
"follow_x_forwarded_for deny all", but later on it says ALLOWED due to
another ACL rule I have. So can you tell from this why I am getting access
denied?

Thanks
Received on Thu Oct 24 2013 - 07:07:33 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 24 2013 - 12:00:07 MDT