Dear Amos,

Sorry for concluding hurriedly. When I test with 1 user, it seems OK, with no more alerts in cache.log. But when I test with more users, the alerts in cache.log happen again, and so I can't access some HTTPS pages such as chatwork.com and facebook.com.

2017/11/29 18:06:41 kid1| SECURITY ALERT: Host header forgery detected on local=54.238.137.130:443 remote=172.16.255.10:61831 FD 131 flags=33 (local IP does not match any domain IP)
2017/11/29 18:06:41 kid1| SECURITY ALERT: on URL: www.chatwork.com:443
2017/11/29 18:06:48 kid1| SECURITY ALERT: Host header forgery detected on local=31.13.95.8:443 remote=172.16.255.51:54984 FD 173 flags=33 (local IP does not match any domain IP)
2017/11/29 18:06:48 kid1| SECURITY ALERT: on URL: api.facebook.com:443
2017/11/29 18:08:07 kid1| SECURITY ALERT: Host header forgery detected on local=31.13.95.12:443 remote=172.16.255.51:54990 FD 51 flags=33 (local IP does not match any domain IP)
2017/11/29 18:08:07 kid1| SECURITY ALERT: on URL: static.xx.fbcdn.net:443
2017/11/29 18:08:50 kid1| SECURITY ALERT: Host header forgery detected on local=172.217.24.197:443 remote=172.16.255.10:61866 FD 34 flags=33 (local IP does not match any domain IP)
2017/11/29 18:08:50 kid1| SECURITY ALERT: on URL: mail.google.com:443
2017/11/29 18:09:43 kid1| SECURITY ALERT: Host header forgery detected on local=13.113.80.172:443 remote=172.16.255.10:61890 FD 124 flags=33 (local IP does not match any domain IP)
2017/11/29 18:09:43 kid1| SECURITY ALERT: on URL: ws-chatwork.pusher.com:443
2017/11/29 18:10:59 kid1| WARNING: 1 swapin MD5 mismatches
2017/11/29 18:11:00 kid1| SECURITY ALERT: Host header forgery detected on local=157.240.15.22:443 remote=172.16.255.51:55032 FD 93 flags=33 (local IP does not match any domain IP)
2017/11/29 18:11:00 kid1| SECURITY ALERT: on URL: connect.facebook.net:443
2017/11/29 18:13:15 kid1| SECURITY ALERT: Host header forgery detected on local=31.13.95.36:443 remote=172.16.255.12:33158 FD 25 flags=33 (local IP does not match any domain IP)
2017/11/29 18:13:15 kid1| SECURITY ALERT: on URL: www.facebook.com:443
2017/11/29 18:14:00 kid1| SECURITY ALERT: Host header forgery detected on local=31.13.95.34:443 remote=172.16.255.59:39526 FD 74 flags=33 (local IP does not match any domain IP)
2017/11/29 18:14:00 kid1| SECURITY ALERT: on URL: mqtt-mini.facebook.com:443

I have a Mikrotik router (172.16.1.1) and several local LANs. For every LAN, my DHCP allocates the DNS and gateway. Ex: 172.16.255.0/24 with gateway 172.16.255.254 and DNS 172.16.255.254

- Mikrotik is configured with cache DNS from 8.8.8.8
- Squid uses DNS 172.16.1.1 (Mikrotik DNS)
- Squid's DNS is configured as 172.16.1.1
- Clients use the DNS allocated by DHCP (but that is still the Mikrotik router)

Here is my full squid.conf:

#Allow LAN Network
# Allow Network ACL Allow/Deny Section#
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
acl fb dstdomain .facebook.com
#http_access deny CONNECT fb
http_access allow localhost
http_access allow all

# Transparent Proxy Parameters
http_port 3130
http_port 3128 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=off cert=/etc/squid/ssl_cert/squid-3.5.27.pem

### SSL config ###
#-Start-#
#ssl_bump none all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all
#-End-#

# --------- Add X-Forwarded-for in headers [0]?
#-Start-#
forwarded_for transparent
#-End-#

debug_options ALL,1
log_fqdn on
emulate_httpd_log on
icap_enable on
global_internal_static on
short_icon_urls on
log_uses_indirect_client on

# --------- DNS AND IP CACHES [4341]
dns_nameservers 172.16.1.1
dns_v4_first on
host_verify_strict off
ignore_unknown_nameservers off
dns_timeout 120 seconds
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
positive_dns_ttl 6 hours
negative_dns_ttl 300 seconds
---------------------------------------------------------

Could you please help me.

Thanks & Best Regards,

2017-11-28 17:32 GMT+07:00 minh hưng đỗ hoàng <hoangminh...@gmail.com>:

> Dear Amos,
> I solved my problem by following this:
> 1 - I used my Mikrotik router as a cache DNS
> 2 - Both Squid proxy and my client use Mikrotik's DNS
>
> => There are no more alerts in cache.log
>
> Thanks a lot :)
> --
> Thanks & Best Regards,
> --------------
> Đỗ Hoàng Minh Hưng
> Gmail : hoangminh...@gmail.com
> Phone : 01234454115
>

--
Thanks & Best Regards,
--------------
Đỗ Hoàng Minh Hưng
Gmail : hoangminh...@gmail.com
Phone : 01234454115
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
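
An added example, not part of the original message: a small Python script that pairs each "Host header forgery detected" line with the "on URL" line that follows it and groups the alerts by client and hostname, so it is easy to see which clients and names are affected. The sample lines are copied from the cache.log excerpt above; the function names are hypothetical and the parser assumes IPv4 addresses.

```python
import re
from collections import defaultdict

# The two-line alert format as it appears in the cache.log excerpt above.
FORGERY = re.compile(
    r"Host header forgery detected on local=(?P<dst>[\d.]+):\d+ "
    r"remote=(?P<client>[\d.]+):\d+ .*?\((?P<reason>[^)]*)\)")
ON_URL = re.compile(r"SECURITY ALERT: on URL: (?P<host>[^\s:]+):\d+")

# Lines copied from the cache.log excerpt in the message above.
SAMPLE = """\
2017/11/29 18:06:41 kid1| SECURITY ALERT: Host header forgery detected on local=54.238.137.130:443 remote=172.16.255.10:61831 FD 131 flags=33 (local IP does not match any domain IP)
2017/11/29 18:06:41 kid1| SECURITY ALERT: on URL: www.chatwork.com:443
2017/11/29 18:06:48 kid1| SECURITY ALERT: Host header forgery detected on local=31.13.95.8:443 remote=172.16.255.51:54984 FD 173 flags=33 (local IP does not match any domain IP)
2017/11/29 18:06:48 kid1| SECURITY ALERT: on URL: api.facebook.com:443
2017/11/29 18:08:50 kid1| SECURITY ALERT: Host header forgery detected on local=172.217.24.197:443 remote=172.16.255.10:61866 FD 34 flags=33 (local IP does not match any domain IP)
2017/11/29 18:08:50 kid1| SECURITY ALERT: on URL: mail.google.com:443
2017/11/29 18:10:59 kid1| WARNING: 1 swapin MD5 mismatches
2017/11/29 18:11:00 kid1| SECURITY ALERT: Host header forgery detected on local=157.240.15.22:443 remote=172.16.255.51:55032 FD 93 flags=33 (local IP does not match any domain IP)
2017/11/29 18:11:00 kid1| SECURITY ALERT: on URL: connect.facebook.net:443
""".splitlines()

def parse_alerts(lines):
    """Pair each forgery line with the next 'on URL' line; skip unrelated lines."""
    alerts, pending = [], None
    for line in lines:
        m = FORGERY.search(line)
        if m:
            pending = m.groupdict()
        elif pending and (u := ON_URL.search(line)):
            alerts.append({**pending, "host": u["host"]})
            pending = None
    return alerts

def summarize(alerts):
    """Return {client_ip: {hostname: set of destination IPs the client connected to}}."""
    by_client = defaultdict(lambda: defaultdict(set))
    for a in alerts:
        by_client[a["client"]][a["host"]].add(a["dst"])
    return {client: dict(hosts) for client, hosts in by_client.items()}

if __name__ == "__main__":
    for client, hosts in sorted(summarize(parse_alerts(SAMPLE)).items()):
        for host, dsts in sorted(hosts.items()):
            print(f"{client} -> {host} via {sorted(dsts)}")
```
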