Proxy doesn't work for internet

Hello…

I have a problem: when I have the proxy enabled I can't open web pages in the browser (Mozilla, Chrome)…
The proxy is configured Transparent SSL, http https enabled.

I disable the proxy and I can navigate.

Why, or what can I do?

@kristian1369

Hi Christian

With Proxy in transparent mode, SSL AFAIK can’t or doesn’t work properly.
If you use WPAD / Proxy - it seems to work well enough, even for Windows Updates.

This needs no changes to any Windows PCs. WPAD is “on” by default for so far all MS operating systems, even the latest server and win10.
Mac and Linux (also iOS and Android) need a tick in the browser - or in the OS to accept WPAD.

This works very well, and offers more options than “transparent” mode…

WPAD and Proxy are already ready in NethServer, only needs 2 DNS entries, both pointing to your Nethserver. These can be server aliases on NethServer DNS.

This works very well, I use this at over 25 sites…

My 2 cents
Andy

Hello

What does this mean:

SECURITY ALERT: Host header forgery detected on local=13.107.42.23:443 remote=10.0.10.83:51515 FD 166 flags=33 (local IP does not match any domain IP)
2020/08/12 18:20:59 kid1| SECURITY ALERT: on URL: config.edge.skype.com:443
2020/08/12 18:21:04 kid1| SECURITY ALERT: Host header forgery detected on local=191.232.243.198:443 remote=10.0.10.67:51939 FD 208 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:04 kid1| SECURITY ALERT: on URL: checkappexec.microsoft.com:443
2020/08/12 18:21:09 kid1| SECURITY ALERT: Host header forgery detected on local=216.58.222.195:443 remote=10.0.10.161:55295 FD 235 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:09 kid1| SECURITY ALERT: on URL: beacons3.gvt2.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60524 FD 189 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60531 FD 244 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60530 FD 251 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60526 FD 193 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60525 FD 192 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=69.171.250.63:443 remote=10.0.20.170:50926 FD 34 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: graph.instagram.com:443
2020/08/12 18:21:17 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60532 FD 252 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:17 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:21 kid1| SECURITY ALERT: Host header forgery detected on local=104.16.97.25:443 remote=10.0.30.89:60534 FD 273 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:21 kid1| SECURITY ALERT: on URL: t.nitropdf.com:443
2020/08/12 18:21:24 kid1| SECURITY ALERT: Host header forgery detected on local=52.229.171.202:443 remote=10.0.20.107:61289 FD 57 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:24 kid1| SECURITY ALERT: on URL: slscr.update.microsoft.com:443
2020/08/12 18:21:29 kid1| SECURITY ALERT: Host header forgery detected on local=172.217.30.194:443 remote=10.0.10.74:55723 FD 234 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:29 kid1| SECURITY ALERT: on URL: googleads.g.doubleclick.net:443
2020/08/12 18:21:29 kid1| SECURITY ALERT: Host header forgery detected on local=23.203.25.228:443 remote=10.0.20.57:64609 FD 241 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:29 kid1| SECURITY ALERT: on URL: cdn.onenote.net:443
2020/08/12 18:21:34 kid1| ipcacheParse No Address records in response to ‘tile-service.weather.microsoft.com
2020/08/12 18:21:39 kid1| SECURITY ALERT: Host header forgery detected on local=13.107.42.23:443 remote=10.0.20.33:61968 FD 187 flags=33 (local IP does not match any domain IP)

Hi

These logs are because in transparent mode, the Proxy can’t properly rewrite the packets / their headers, so wrong information is displayed to the host (in Internet)…

Say for example, you contact Skype.
Skype will see the packet coming from your Firewall (NethServer), but with a wrong IP.
In the packet itself, the correct IP is transported… This makes the target host unsure, if this is a spoofing attack, or a legitimate access…

Andy
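A triage sketch for the cache.log alerts quoted above, added here as an example and not code from the thread or from NethServer/Squid: it pairs each "Host header forgery detected" line with the "on URL" line that follows it and counts alerts per client and per destination host. The function names and the sample log (documentation-range addresses, example.* hosts) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the cache.log excerpt in the thread.
SAMPLE_LOG = """\
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=198.51.100.25:443 remote=192.0.2.89:60524 FD 189 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.example.com:443
2020/08/12 18:21:14 kid1| SECURITY ALERT: Host header forgery detected on local=198.51.100.25:443 remote=192.0.2.89:60531 FD 244 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:14 kid1| SECURITY ALERT: on URL: t.example.com:443
2020/08/12 18:21:34 kid1| ipcacheParse No Address records in response to 'tile.example.org'
2020/08/12 18:21:35 kid1| SECURITY ALERT: Host header forgery detected on local=203.0.113.198:443 remote=192.0.2.67:51939 FD 208 flags=33 (local IP does not match any domain IP)
2020/08/12 18:21:35 kid1| SECURITY ALERT: on URL: config.example.net:443
2020/08/12 18:21:39 kid1| SECURITY ALERT: Host header forgery detected on local=203.0.113.23:443 remote=192.0.2.33:61968 FD 187 flags=33 (local IP does not match any domain IP)
"""

# search() rather than match(): a pasted excerpt may lack the timestamp prefix.
ALERT_RE = re.compile(
    r"SECURITY ALERT: Host header forgery detected on "
    r"local=(?P<dst>[\d.]+):\d+ remote=(?P<client>[\d.]+):\d+"
)
URL_RE = re.compile(r"SECURITY ALERT: on URL: (?P<host>[^\s:]+):\d+")

def parse_alerts(text):
    """Pair each forgery alert with the 'on URL' line that follows it."""
    alerts, pending = [], None
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            if pending:  # previous alert never got its URL line
                alerts.append(pending)
            pending = {"client": m["client"], "dst": m["dst"], "host": None}
            continue
        u = URL_RE.search(line)
        if u and pending:
            pending["host"] = u["host"]
            alerts.append(pending)
            pending = None
    if pending:  # excerpt cut off after an alert line
        alerts.append(pending)
    return alerts

def summarize(alerts):
    """Return (alerts per client IP, alerts per requested host)."""
    by_client = Counter(a["client"] for a in alerts)
    by_host = Counter(a["host"] or "(unknown)" for a in alerts)
    return by_client, by_host

if __name__ == "__main__":
    clients, hosts = summarize(parse_alerts(SAMPLE_LOG))
    print(clients.most_common(), hosts.most_common())
```

Run against the real cache.log, the per-client counts show whether the alerts come from a few machines or from every client behind the transparent proxy.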

Can someone break or damage the squid only to piss off?

I think someone broke the squid

Actually, Squid is quite robust as is.

But any software can be broken, just let a talented bug-tester at it! Some people can break anything, just by using it! :)

Like Ultrasurf can break it? What can I do if it is broken? Reinstall the NethServer?

Ultrasurf bypasses the Proxy, it does not “break” the proxy.

If you think your Proxy in NethServer is broken, or not working correctly, you don’t have to reinstall the whole NethServer, it’s enough to uninstall the Proxy, clean up any folders and the esmith DB (var/lib/nethserver/db), then reinstall the Proxy.

Try using “manual” instead of Transparent, and make the two DNS entries needed in your internal DNS. (NethServer?)…

My 2 cents
Andy

By manual you mean that in Mozilla or Chrome I have to manually put the IP of the proxy?

Manual usually means that, yes.

But you can use WPAD (Web Proxy Auto Detect), a very old Netscape protocol still supported by all browsers. Windows has this set as standard on all PCs, meaning you do not need to set anything in the PC, just check if it’s still active.

Only Mac / Windows workstations need that you set the Autodetect Proxy function…
This can be set in Browser or on OS level.

Windows no work is needed, except the two DNS aliases…

See WPAD in Wikipedia, for better understanding of what it means and how it works.

This is a sample / test environment with 2 PCs and one Linux Desktop:

Squid settings:

DNS Setting:

And Clients working:

Hope these help!

Andy

What does this mean?

This means that either yum is still running in the background, or the local cache needs cleaning. Not really a problem, just click on “Clear Yum Cache” and it should go away in a few seconds… :)

Do you have WhatsApp or Telegram? Can I text you?