----- Original Message -----
From: Amos Jeffries <[email protected]>
To: [email protected]

> One big change in 3.2.0.14 related to TPROXY traffic handling. A bug in
> host_strict_verify was fixed, making the validation bypass properly when
> the (default) non-strict was configured.
>
> - check that this host_strict_verify directive is ABSENT from your config
> file, or at very least set to OFF.

There is no such directive in my config file.

>
> - check your cache.log for host forgery security alerts, or forwarding loop
> warnings when these requests are being made.
>
> - check your cache.log file for invalid request parsing messages. This may
> require "debug_options ALL,1" to be configured.

The cache.log has these:

2012/07/24 12:38:34.628| SECURITY ALERT: Host header forgery detected on local=219.93.13.235:80 remote=192.168.1.3 FD 13 flags=17 (local IP does not match any domain IP)
2012/07/24 12:38:34.628| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; (R1 1.6); .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)
2012/07/24 12:38:34.628| SECURITY ALERT: on URL: http://us.mg6.mail.yahoo.com/neo/launch?.rand=5fsn8p9a1efna

What is the significance? Is it that my test client machine is infected by a virus, adware or what?
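
As an added example (not part of the original message and not Squid's own code), this Python script groups the three-line host forgery alerts from cache.log, in the layout quoted above, into one record per alert and counts them per client, requested host and intercepted destination. The function names are hypothetical, and the sample lines after the first alert are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# First three lines are the alert quoted in the message; the rest are constructed.
SAMPLE_LOG = """\
2012/07/24 12:38:34.628| SECURITY ALERT: Host header forgery detected on local=219.93.13.235:80 remote=192.168.1.3 FD 13 flags=17 (local IP does not match any domain IP)
2012/07/24 12:38:34.628| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; (R1 1.6); .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)
2012/07/24 12:38:34.628| SECURITY ALERT: on URL: http://us.mg6.mail.yahoo.com/neo/launch?.rand=5fsn8p9a1efna
2012/07/24 12:38:35.101| Starting new helper (constructed unrelated line)
2012/07/24 12:38:36.002| SECURITY ALERT: Host header forgery detected on local=203.0.113.10:80 remote=192.168.1.4 FD 15 flags=17 (local IP does not match any domain IP)
2012/07/24 12:38:36.002| SECURITY ALERT: By user agent: ExampleAgent/1.0
2012/07/24 12:38:36.002| SECURITY ALERT: on URL: http://www.example.com/
"""

ALERT = re.compile(r"^(?P<ts>\S+ \S+)\| SECURITY ALERT: (?P<body>.*)$")
HEAD = re.compile(r"Host header forgery detected on local=(?P<local>\S+) "
                  r"remote=(?P<remote>\S+) .*\((?P<reason>[^()]*)\)\s*$")

def parse_forgery_alerts(text):
    """Group each three-line host forgery alert into one dict."""
    alerts, current = [], None
    for line in text.splitlines():
        m = ALERT.match(line)
        if not m:
            continue  # not a SECURITY ALERT line
        body = m.group("body")
        head = HEAD.match(body)
        if head:
            current = {"ts": m.group("ts"), **head.groupdict(), "agent": None, "url": None}
            alerts.append(current)
        elif current and body.startswith("By user agent: "):
            current["agent"] = body[len("By user agent: "):]
        elif current and body.startswith("on URL: "):
            current["url"] = body[len("on URL: "):]
            current = None  # the URL line closes the alert
    return alerts

def summarize(alerts):
    """Count alerts per (client, requested host, intercepted destination)."""
    return Counter((a["remote"], urlsplit(a["url"] or "").hostname, a["local"])
                   for a in alerts)

if __name__ == "__main__":
    for (client, host, dest), n in summarize(parse_forgery_alerts(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  client={client}  host={host}  dest={dest}")
```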
