RE: [squid-users] Outgoing http request?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 29 Jan 2003 18:55:31 +0100

By controlling which destinations are allowed to be reached. see the dst
and dstdomain acl types.

Example:

acl to_my_servers dst 192.168.1.0/24
acl port80 port 80
acl http protocol http

http_access allow http port80 to_my_servers

http_access deny all

Regards
Henrik

ons 2003-01-29 klockan 16.37 skrev Devon Harding - GTHLA:
> Ok, how do I configure squid to reverse proxy (httpd_accel) to only one host
> or network? That way if someone tries to use my squid to proxy back to the
> internet, it will fail.
>
> -Devon
>
> -----Original Message-----
> From: Tesla 13 [mailto:tesla1313@hotmail.com]
> Sent: Wednesday, January 29, 2003 10:00 AM
> To: Devon Harding - GTHLA
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] Outgoing http request?
>
> Is this squid log or your web server's log? Just kidding.
>
> Shut squid down. It looks like your machine is being used as an open proxy
> server by the world. It might be advisable to unplug hte machine from the
> network since you are running a proxy server without knowing difference
> between a proxy server and web server and therefore unwillingly helping
> useless people on the net.
>
> Tesla
>
>
> >From: Devon Harding - GTHLA <DHarding@gilatla.com>
> >To: 'Henrik Nordstrom' <hno@squid-cache.org>
> >CC: "'squid-users@squid-cache.org'" <squid-users@squid-cache.org>,
> >"'redhat-list@redhat.com'" <redhat-list@redhat.com>
> >Subject: RE: [squid-users] Outgoing http request?
> >Date: Wed, 29 Jan 2003 09:36:46 -0500
> >
> >Well looking at my access.log, I noticed that squid is accessing websites
> >that no users have requested. I have not allowed any users to access the
> >cache. These requests are coming from squid itself. I think its some kind
> >of worm or virus that has affected squid.
> >
> >61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
> >http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
> >1069 TCP_MISS:NONE
> >219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
> >http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
> >TCP_MISS:NONE
> >67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
> >http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
> >TCP_MISS:NONE
> >219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
> >http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
> >TCP_MISS:NONE
> >219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
> >http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
> >TCP_MISS:NONE
> >200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
> >http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
> >HTTP/1.0" 504 1096 TCP_MISS:NONE
> >218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
> >http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
> >TCP_MISS:NONE
> >165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
> >http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
> >TCP_MISS:NONE
> >
> >-Devon
> >
> >-----Original Message-----
> >From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> >Sent: Tuesday, January 28, 2003 9:23 PM
> >To: Devon Harding - GTHLA
> >Cc: 'squid-users@squid-cache.org'; 'redhat-list@redhat.com'
> >Subject: Re: [squid-users] Outgoing http request?
> >
> >???
> >
> >Squid is not a web server. Squid is a proxy. If you have users using the
> >Squid proxy then each request sent by these users to the proxy will
> >result in a HTTP request sent by Squid.
> >
> >Regards
> >Henrik
> >
> >Devon Harding - GTHLA wrote:
> > >
> > > I noticed in my log, I have out going http request from my squid web
> > > servers.
> > >
> > > No one is on this machine, how are these requests being initiated? Is
> >this
> >a
> > > hack attempt?
> > >
> > > System is rhl7.3
> > >
> > > _____________________
> > > Devon Harding
> > > System Administrator
> > > Gilat Latin America
> > > 954-858-1600
> > > dharding@gilatla.com <mailto:dharding@gilathla.com>
> > >
> > > This e-mail is intended for the above named addressee(s), and may
> >contain
> > > information which is confidential or privileged. If you are not the
> >intended
> > > recipient, please inform us immediately: you should not copy or use this
> > > e-mail for any purpose nor disclose its contents to any person.
> > >
>
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Wed Jan 29 2003 - 10:55:40 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:57 MST