[squid-users] URGENT!! problem due to virus.

From: <Nithya_Ananth/MAA/IN/Antarix@dont-contact.us>
Date: Wed, 27 Feb 2002 12:28:13 +0530
We are using a squid caching server for our corporate purpose. The details are as follows.
OS    :    RedHat Linux 6.2
Wccp : Version 1
Router: Cisco 7206
Squid : squid 2.3
Our caching server has been working fine for the past 15 days. Now we found a problem. If anyone from the internal segments generates a virus, it is directly hitting the cache, even though we put the ACL in the squid.conf file. Our configuration is as follows.
acl nimda1 url_regex root.exe
acl nimda2 url_regex command.exe
acl nimda3 url_regex readme.exe
acl nimda4 url_regex readme.eml
acl all src
acl officelan src
http_access allow officelan
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access deny all
Because our corporate proxy IP is So we want to get the requests only from the particular IP (for our security issues). But if any of the systems in the same network ( has a virus, it simply hits the caching server and the performance is degraded like anything. No other users are able to browse.
Also, I have put the ipchains rule in the Linux box. My ipchains rule is as follows:
ipchains -A input -s -d 80 -j 3128 REDIRECT (This is for my Squid operation, it has to redirect the input to port 3128)
ipchains -A input -s -d -j ACCEPT
ipchains -A input -s -d -j DENY
Is there any solution to overcome this? How to restrict the virus attack? Is the bug in squid, or is the problem in wccp1.0? Can anyone help me?
R.Nithya ananth

Received on Wed Feb 27 2002 - 01:21:35 MST
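
Added example, not part of the original post: Squid checks http_access lines top to bottom and stops at the first one that matches, so this Python sketch replays the posted rule order and a reordered variant against constructed requests. The office LAN range 192.0.2.0/24, the client addresses and the URLs are assumptions, because the real addresses are missing from the archived message.

```python
import ipaddress
import re

# Constructed placeholder: the poster's real office LAN range is not on the page.
OFFICE_LAN = ipaddress.ip_network("192.0.2.0/24")

# ACLs mirroring the post: four url_regex ACLs and two src ACLs.
ACLS = {
    "nimda1": lambda ip, url: re.search(r"root.exe", url) is not None,
    "nimda2": lambda ip, url: re.search(r"command.exe", url) is not None,
    "nimda3": lambda ip, url: re.search(r"readme.exe", url) is not None,
    "nimda4": lambda ip, url: re.search(r"readme.eml", url) is not None,
    "officelan": lambda ip, url: ipaddress.ip_address(ip) in OFFICE_LAN,
    "all": lambda ip, url: True,
}

# http_access lines in the order given in the post.
POSTED = [("allow", "officelan"), ("deny", "nimda1"), ("deny", "nimda2"),
          ("deny", "nimda3"), ("deny", "nimda4"), ("deny", "all")]

# Same rules with the four deny lines moved ahead of the allow line.
REORDERED = POSTED[1:5] + [POSTED[0], POSTED[5]]

# Constructed sample requests: (client address, requested URL).
NIMDA_URL = "http://www.example.com/scripts/root.exe?/c+dir"
PLAIN_URL = "http://www.example.com/index.html"
REQUESTS = [("192.0.2.10", NIMDA_URL), ("192.0.2.10", PLAIN_URL),
            ("198.51.100.7", PLAIN_URL)]


def http_access(rules, src_ip, url):
    """Return (action, acl) for the first rule whose ACL matches."""
    for action, acl in rules:
        if ACLS[acl](src_ip, url):
            return action, acl
    # Not reached with these rule sets: the final "deny all" matches everything.
    return "deny", None


def compare(requests=REQUESTS):
    """Decision under the posted order and the reordered variant, per request."""
    return [(ip, url, http_access(POSTED, ip, url), http_access(REORDERED, ip, url))
            for ip, url in requests]


if __name__ == "__main__":
    for ip, url, posted, reordered in compare():
        print(f"{ip} {url}\n  posted: {posted}  reordered: {reordered}")
```

The sketch models only the access decision; a denied request still reaches the proxy and has to be parsed before it is refused.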
