Re: [squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

2019-01-23 Thread Amos Jeffries
On 24/01/19 2:55 am, reinerotto wrote:
> I suspect, these messages, for example, are not caused by any malware, but
> somehow by skype:
>
> 2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL:
> mobile.pipe.aria.microsoft.com:443
> 2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detecte

Re: [squid-users] What's the best way to ban Let's encrypt based certificates? or whitelist a very narrow list of Root and Intermediates CA?

2019-01-23 Thread Eliezer Croitoru
Amos, Thanks for the feedback. Now that we write about the subject in clear text it's making things a bit clearer. I wasn't sure about the purpose of the helpers to begin with. As you wrote before, for specific use cases these X.509 properties are what this specific organization needs to verify.

Re: [squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

2019-01-23 Thread reinerotto
I suspect, these messages, for example, are not caused by any malware, but somehow by skype:
2019/01/23 13:38:18 kid1| SECURITY ALERT: on URL: mobile.pipe.aria.microsoft.com:443
2019/01/23 13:38:18 kid1| SECURITY ALERT: Host header forgery detected on local=52.114.76.35:443 remote=192.168.182.10:5

Re: [squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

2019-01-23 Thread Amos Jeffries
On 23/01/19 9:22 pm, reinerotto wrote:
> Running squid 4.4 on very limited device, unfortunately quite a lot of
> messages: "... SECURITY ALERT: Host header forgery detected ... " show up.
> Unable to eliminate real cause of this issue (even using iptables to redir
> all DNS requests to one dnsma

Re: [squid-users] What's the best way to ban Let's encrypt based certificates? or whitelist a very narrow list of Root and Intermediates CA?

2019-01-23 Thread Amos Jeffries
On 23/01/19 7:59 pm, Eliezer Croitoru wrote:
> OK so,
>
> Every Root CA has a different level of certification.
> For example there are Root CA's which are allowed to sign only for encryption
> ...and basic domain ownership validation which can be verified against a
> Domain Registrar.
> Compared

Re: [squid-users] ICAP and 403 Encapsulated answers (SSL denied domains)

2019-01-23 Thread FredB
As a workaround, you can try disabling client-to-Squid persistent connections (client_persistent_connections off) or changing your ICAP service to produce a response with a non-empty 403 body. You are right, this is a browser bug (Firefox, at least recent versions) and this issue can be resol

[squid-users] squid on openwrt: Possible to get rid of "... SECURITY ALERT: Host header forgery detected ..." msgs ?

2019-01-23 Thread reinerotto
Running squid 4.4 on very limited device, unfortunately quite a lot of messages: "... SECURITY ALERT: Host header forgery detected ... " show up. Unable to eliminate real cause of this issue (even using iptables to redir all DNS requests to one dnsmasq does not help), these annoying messages tend