Re: [squid-users] URGENT!! problem due to virus.

From: <Nithya_Ananth/MAA/IN/>
Date: Thu, 28 Feb 2002 12:11:21 +0530
  No luck.. Even I changed the order of acl also i am getting the same response. It is continously hitting my cache box. But cache denied it. If I see the access.log it is giving the error like
<IP_ADDRESS> GET://www.scripts/root.exe/ ? "HTTP/1.0" 403 414 TCP_DENIED:NONE
My access.log is hiting by this error like anything. and slowly the browsing is freezened. Is it becos anyother problem??? Pl hel me..
R.Nithya Ananth

-----Colin Campbell <> wrote: -----

To: Nithya_Ananth/MAA/IN/Antarix<Nithya_Ananth/MAA/IN/>
From: Colin Campbell <>
Date: 02/27/2002 10:35PM
cc: <>
Subject: Re: [squid-users] URGENT!! problem due to virus.

Hi,Someone replied to you yesterday. Their answer was that you have thehttp_access lines in the wrong order. If you read the FAQ you'll see that http_access lines are processed asthey are found. Your first line says allow officelan. Naturally, anyone onthat LAN is going to to be permitted regardles of whether they send a realrequest or a url mathcing your nimda ones.You need to reorder the lines:http_access deny nimda1http_access deny nimda2http_access deny nimda3http_access deny nimda4http_access allow officelanColinOn Wed, 27 Feb 2002 Nithya_Ananth/MAA/IN/ wrote:>      Our Caching server is working fine for the past 15 days. Now we> found a problem. If anyone from the internal segments generate virus.> it is directly hitting the cache, eventhough we put the ACL in the> squid.conf file. Our configuraton is as follows.> acl nimda1 url_regex root.exe> acl nimda2 url_regex command.exe> acl nimda3 url_regex readme.exe> acl nimda4 url_regex readme.eml>  > acl all src> acl src office! lan>  > http_access allow officelan>  > http_access deny nimda1> http_access deny nimda2> http_access deny nimda3> http_access deny nimda4>  > http_access deny all
Received on Wed Feb 27 2002 - 23:41:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST