Re: [squid-users] Hands up if you love Nimda!!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 03 Oct 2001 11:40:45 +0200

Lee Norvall wrote:
>
> Hello all
>
> I would like to know if there is a way (and how) of alerting a network admin
> via e-mail if someone tries to access a banned URL, i.e.
> http://www/MSADC/root.exe? (or such other) through Squid from a list of
> allowed IP addresses?? This would then allow me to alert the customer as
> soon as it is detected, value added service!

You don't want an email on each and every request.

I would say this is a classical case of log processing.

Squid provides you with the logs required. Writing a small log extractor
that extracts the "abusing" IP addresses is a fairly small job, and
having them mailed to you is even simpler.

No, deny_info won't help much here. It is about providing the user (i.e.
the Nimda virus in this case) with a nice error message explaining why
the request was blocked.

Another approach to log processing is to redirect these banned requests
to a special HTTP server that takes the required actions automatically.
Redirection can be done either by a redirector helper, or by using
cache_peer+cache_peer_access.

Regards
Henrik Nordström
Squid Hacker
Received on Wed Oct 03 2001 - 04:14:36 MDT
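
The log-processing approach suggested in the reply above, as an added example that is not part of the original message: it reads Squid's native access.log format, keeps requests from customer ranges that match a banned-URL pattern, and builds one digest mail per run. The pattern list (the thread names only /MSADC/root.exe), the customer network, the mail addresses and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from email.message import EmailMessage

# Assumed signatures: the thread names only /MSADC/root.exe; extend as needed.
BANNED = re.compile(r"/(?:root|cmd)\.exe(?:\?|$)", re.IGNORECASE)
# Hypothetical customer range (documentation address space).
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1002102045.123     45 192.0.2.10 TCP_DENIED/403 1290 GET http://www/MSADC/root.exe?/c+dir - NONE/- text/html
1002102046.501     12 192.0.2.10 TCP_DENIED/403 1290 GET http://www/scripts/root.exe?/c+dir - NONE/- text/html
1002102050.004    230 192.0.2.77 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/198.51.100.5 text/html
1002102051.900     30 203.0.113.9 TCP_DENIED/403 1290 GET http://www/MSADC/root.exe?/c+dir - NONE/- text/html
truncated line
"""

def extract_abusers(lines):
    """Map customer client IP -> list of (timestamp, url) for banned requests."""
    hits = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated lines
        ts, client, url = fields[0], fields[2], fields[6]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if any(addr in net for net in CUSTOMER_NETS) and BANNED.search(url):
            hits[client].append((float(ts), url))
    return dict(hits)

def build_digest(hits, sender, recipient):
    """Build one summary message per run instead of one mail per request."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Squid: {len(hits)} client(s) requesting banned URLs"
    body = [f"{ip}: {len(reqs)} request(s), e.g. {reqs[0][1]}"
            for ip, reqs in sorted(hits.items())]
    msg.set_content("\n".join(body) or "No banned requests seen.")
    return msg

if __name__ == "__main__":
    hits = extract_abusers(SAMPLE_LOG.splitlines())
    print(build_digest(hits, "squid@example.net", "noc@example.net"))
```

Run from cron against the rotated log and hand the message to `smtplib.SMTP.send_message` only when `hits` is non-empty, so an infected host produces one mail per interval rather than one per request.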
