[squid-users] SECURITY ALERT: Host: header forgery detected with today's BZR checkout

From: Ralf Hildebrandt <Ralf.Hildebrandt_at_charite.de>
Date: Mon, 15 Aug 2011 13:52:56 +0200

With today's BZR checkout (3.2-HEAD) I'm getting a lot of "SECURITY
ALERT: Host: header forgery detected" with everyday requests:

2011/08/15 13:50:59.016| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=10.43.65.227:3266 FD 1312 flags=1 (amsprd0104.outlook.com:443 does not match amsprd0104.outlook.com)
2011/08/15 13:50:59.016| client_side.cc(1579) keepaliveNextRequest: abandoning local=141.42.1.205:8080 remote=10.43.65.227:3266 FD 1312 flags=1
2011/08/15 13:51:00.746| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=192.168.247.63:3900 FD 39 flags=1 (profpeak.avira-update.com does not match 89.105.213.24)
2011/08/15 13:51:00.752| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=192.168.247.63:3901 FD 1407 flags=1 (profpeak.avira-update.com does not match 89.105.213.24)
2011/08/15 13:51:02.056| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=10.43.21.32:4096 FD 54 flags=1 (img.web.de:443 does not match img.web.de)
2011/08/15 13:51:02.056| client_side.cc(1579) keepaliveNextRequest: abandoning local=141.42.1.205:8080 remote=10.43.21.32:4096 FD 54 flags=1
2011/08/15 13:51:02.247| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=141.42.195.43:1355 FD 158 flags=1 (professional.avira-update.com does not match 80.190.130.195)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebrandt@charite.de | http://www.charite.de
	    
Received on Mon Aug 15 2011 - 11:53:07 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 15 2011 - 12:00:02 MDT