----- Original Message -----
From: Amos Jeffries <[email protected]>
To: [email protected]
> The HTTP Host: header contains a domain name which does not match the IP
> address the TCP connection is being made to.
> http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery covers the
> problem in some detail. For your case in particular I suspect the DNS
> situations need to be checked. 219.93.13.235 found by the client is not one
> of the IPs belonging to us.mg6.mail.yahoo.com which DNS is supplying to
> Squid. On the "big name" websites this is usually caused by Geo-DNS
> resolution problems rather than client infection. But there is no way for
> Squid to be sure. The only option is for Squid to open a TCP connection
> directly to that IP and hope for the best, or if direct connections are
> blocked the unable to connect comes up.
>
> NOTE: if you are using cache_peer you can currently only send them requests
> where the Host header validates as okay, or were received as regular
> forward-proxy / reverse-proxy traffic. (I'm working on that one as I type,
> but the fix is a few days/weeks away).
>
> If you are *not* using cache_peer then you have TCP connectivity problems
> that need fixing.
>
> You can run 3.1 series for now, or that older beta (ideally not, but if you
> *really* have to it's okay for now). There are tweaks and improvements
> around this right up to the squid-3.2.0.18-20120724-r11624
> <http://master.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html> snapshot
> with more coming. With probably some of the network environment situations
> mentioned in the wiki needing to be fixed as well.
>
> Amos

It seems the header forgery is likely a sidetrack issue due to me using different name servers on the Squid machine and the test client machine. After I synchronized the name servers to be the same, that message does not appear anymore.
But my problem of being unable to log on to Yahoo Mail in tproxy mode using squid-3.2.0.14 is still there (logon using intercepting mode is OK), whereas when using squid-3.2.0.12 and 3.2.0.13, I could log on to Yahoo Mail. Therefore the "significant" changes in squid-3.2.0.14 might throw some light on why I could not log on to Yahoo Mail in tproxy mode.
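
The Host-header check discussed in this thread, as an added example that is not part of the original messages and is a simplified model, not Squid's code. It shows how a client and a proxy using different name servers produce a mismatch that disappears once both see the same DNS answers. The function names, the injected `resolve` callable, `mail.example.com` and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress

# Constructed resolver views (documentation-range addresses, not real Yahoo IPs).
PROXY_DNS = {"mail.example.com": ["192.0.2.10", "192.0.2.11"]}
CLIENT_DNS = {"mail.example.com": ["198.51.100.7"]}  # Geo-DNS gave the client another site


def parse_host(host_header):
    """Return the lowercase hostname from a Host header value, without port."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        return host[1:host.index("]")]
    if host.count(":") == 1:                 # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")                  # drop a trailing root dot


def host_matches_destination(host_header, dst_ip, resolve):
    """True when dst_ip is one of the addresses `resolve` returns for the Host name.

    `resolve` is a callable name -> list of IP strings standing in for the
    proxy's own DNS lookup (hypothetical interface, injected so this runs offline).
    """
    dst = ipaddress.ip_address(dst_ip)
    name = parse_host(host_header)
    try:
        # Host header is itself an IP literal: compare directly, no DNS involved.
        return ipaddress.ip_address(name) == dst
    except ValueError:
        pass
    return any(ipaddress.ip_address(a) == dst for a in resolve(name))


def simulate(client_view, proxy_view, host_header):
    """Client connects to the first IP its resolver returns; proxy validates with its own."""
    name = parse_host(host_header)
    dst_ip = client_view[name][0]            # intercepted connection's original destination
    return host_matches_destination(host_header, dst_ip,
                                    lambda n: proxy_view.get(n, []))


if __name__ == "__main__":
    print("different name servers:", simulate(CLIENT_DNS, PROXY_DNS, "mail.example.com"))
    print("same name servers:     ", simulate(PROXY_DNS, PROXY_DNS, "mail.example.com"))
```
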
