RE: [squid-users] Outgoing http request?

Well, you have the source IP address of each request in your
access.log...

Regards
Henrik

ons 2003-01-29 klockan 18.51 skrev Devon Harding - GTHLA:
> The question is, how can I tell where the requests are originating from? I
> want to stop the source.
>
> -Devon
>
> -----Original Message-----
> From: Devon Harding - GTHLA
> Sent: Wednesday, January 29, 2003 12:26 PM
> To: 'Henrik Nordstrom'
> Cc: 'squid-users@squid-cache.org'
> Subject: RE: [squid-users] Outgoing http request?
>
> Fixed it!
> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.11
>
> -Devon
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Wednesday, January 29, 2003 12:20 PM
> To: Devon Harding - GTHLA
> Cc: 'squid-users@squid-cache.org'; 'redhat-list@redhat.com'
> Subject: RE: [squid-users] Outgoing http request?
>
> To me it looks like you are running an open proxy and have many random
> users over the Internet using your proxy..
>
> Check your http_access rules. Firewalling the Squid port is also a good
> idea to avoid having uninvited users using the service..
>
> Regards
> Henrik
>
>
>
> ons 2003-01-29 klockan 15.36 skrev Devon Harding - GTHLA:
> > Well looking at my access.log, I noticed that squid is accessing websites
> > that no users have requested. I have not allowed any users to access the
> > cache. These requests are coming from squid itself. I think its some
> kind
> > of worm or virus that has affected squid.
> >
> > 61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
> > http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
> > 1069 TCP_MISS:NONE
> > 219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
> > http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
> > TCP_MISS:NONE
> > 67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
> > http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
> > TCP_MISS:NONE
> > 219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
> > http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
> > TCP_MISS:NONE
> > 219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
> > http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
> > TCP_MISS:NONE
> > 200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
> > http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
> > HTTP/1.0" 504 1096 TCP_MISS:NONE
> > 218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
> > http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
> > TCP_MISS:NONE
> > 165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
> > http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
> > TCP_MISS:NONE
> >
> > -Devon
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> > Sent: Tuesday, January 28, 2003 9:23 PM
> > To: Devon Harding - GTHLA
> > Cc: 'squid-users@squid-cache.org'; 'redhat-list@redhat.com'
> > Subject: Re: [squid-users] Outgoing http request?
> >
> > ???
> >
> > Squid is not a web server. Squid is a proxy. If you have users using the
> > Squid proxy then each request sent by these users to the proxy will
> > result in a HTTP request sent by Squid.
> >
> > Regards
> > Henrik
> >
> > Devon Harding - GTHLA wrote:
> > >
> > > I noticed in my log, I have out going http request from my squid web
> > > servers.
> > >
> > > No one is on this machine, how are these requests being initiated? Is
> this
> > a
> > > hack attempt?
> > >
> > > System is rhl7.3
> > >
> > > _____________________
> > > Devon Harding
> > > System Administrator
> > > Gilat Latin America
> > > 954-858-1600
> > > dharding@gilatla.com <mailto:dharding@gilathla.com>
> > >
> > > This e-mail is intended for the above named addressee(s), and may
> contain
> > > information which is confidential or privileged. If you are not the
> > intended
> > > recipient, please inform us immediately: you should not copy or use this
> > > e-mail for any purpose nor disclose its contents to any person.
> > >

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden