squidram ram wrote:
> 1025314053.286 RELEASE FFFFFFFF 503 -1 -1
> -1
> unknown -1/1050 GET http://www/MSADC/root.exe?
>
> according to the format this may related to a IIS server hack
> attempt. but there is no specification of IP address or URl is
> coming in the log.
See access.log for IP information. store.log is only logging events in the
cache, not the cause to these events.
> in the same store log file, for the successfull attempts like
> www.google.com have the URL specification in the URL part of the
> log.
All URL's in access.log and store.log is truncated at ? unless you have
disabled strip_query_terms in squid.conf. This is to protect your users
privacy. Often login names, passwords and other sensitive information is
transmitted as query terms.
-- Basic free Squid support provided thanks to MARA Systems AB Your source of advanced reverse proxy solutions or customized Squid solutions. http://www.marasystems.com/products/Received on Mon Jul 01 2002 - 07:46:58 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:59 MST