> Hi Abhilash,
I think it is virus you can block this virus request, there are two ways
, you can block on router.HOw on router see given below link for
details.
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
and secondly you can block on squid with url_regex.
acl codered url_regex ^http://www/scripts/root\.exe?
acl nimda urlpath_regex .*/winnt/system32/cmd.exe.*
.*/MSADC/root.exe..c.dir$ .*/scripts/root.exe..c.dir$
http_access deny nimda
http_access deny codered
put these four lines in squid conf and restart squid with option -k
reconfigure.
Rizwan Khan
>
> Subject: WCCP
> Date: Wed, 26 Sep 2001 08:03:55 -0700 (PDT)
> From: "Abhilash. V.M." <vmabhi@yahoo.com>
> To: squid-users@squid-cache.org
>
> Dear Squid geeks,
> Last day I implemented a wccp setup in our server,
> where we have 1 squid machine (Redhat linux 6.2) and
> wccp module is loaded in it.
>
> We have a Cisco 2621 router, which is the gateway to
> the network. after configuring the squid for wccp and
> after the same was configured in the linux server (we
> followed the guidelines mentioned in the squid faq) we
> observed that the cisco detects the cache server, and
> it forwards the packets to the squid server without
> any problem ( we tested it using #show ip wccp
> command)
>
> But we found that the access.log of squid shows some
> junk stuff (it only shows some missed requests).
> However, the size of the cache directory is increasing
> gradually.
>
> I am attaching the captured access.log.
> Any of u who has some clue abt it are requested to
> help me...!!
>
> Thank u, much in advance.
>
> Abhilash.V.M.
> Cochin, India.
>
>
>
Received on Thu Sep 27 2001 - 07:08:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:30 MST