[squid-users] access.log+squid+wccpv2 from Sukhjit Singh on 2003-04-17 (squid-users)

From: Sukhjit Singh <sukhjits@dont-contact.us>
Date: Thu, 17 Apr 2003 17:49:41 +0530

Dear all

I am running squid+wccpv2 and i am getting these logs in my access.log
these are not my ips then can anbody tell me why are these ips coming in my
access.log
and how to block these.
This is degrading the performance of my squid machine.

63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 216.136.129.17:25
HTTP/1.0" 200 164 TCP_MISS:DIRECT
216.82.66.152 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 152.163.224.26:25
HTTP/1.0" 200 511 TCP_MISS:DIRECT
63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 64.156.215.6:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
216.242.135.125 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.12.137.184:25
HTTP/1.1" 200 511 TCP_MISS:DIRECT
216.82.66.152 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 66.73.20.19:25
HTTP/1.0" 200 300 TCP_MISS:DIRECT
66.111.52.180 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.83:25
HTTP/1.0" 200 217 TCP_MISS:DIRECT
66.111.61.170 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.156.215.5:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
63.246.131.180 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.84:25
HTTP/1.0" 200 217 TCP_MISS:DIRECT
63.246.131.190 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.82:25
HTTP/1.0" 200 217 TCP_MISS:DIRECT
63.246.131.40 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 209.240.213.200:25
HTTP/1.0" 503 0 TCP_MISS:DIRECT
216.240.147.149 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 206.123.6.11:25
HTTP/1.0" 503 0 TCP_MISS:DIRECT
63.246.131.160 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 209.240.213.200:25
HTTP/1.0" 503 0 TCP_MISS:DIRECT
216.240.147.81 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 64.157.4.82:25
HTTP/1.0" 200 163 TCP_MISS:DIRECT
63.246.129.10 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 64.12.138.152:25
HTTP/1.0" 200 511 TCP_MISS:DIRECT
139.81.47.35 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 216.136.129.17:25
HTTP/1.0" 200 164 TCP_MISS:DIRECT
139.81.47.35 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 64.156.215.6:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
216.240.147.149 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 207.112.196.1:25
HTTP/1.0" 200 195 TCP_MISS:DIRECT
216.242.135.125 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 207.69.200.30:25
HTTP/1.1" 200 328 TCP_MISS:DIRECT
63.246.131.180 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 64.156.215.6:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
139.81.47.34 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 64.156.215.5:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
139.81.47.35 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 66.218.86.253:25
HTTP/1.0" 200 164 TCP_MISS:DIRECT
63.246.131.160 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 64.84.96.21:25
HTTP/1.0" 503 0 TCP_MISS:DIRECT
66.111.36.120 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 216.136.129.17:25
HTTP/1.0" 200 164 TCP_MISS:DIRECT
66.111.61.170 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 64.156.215.5:25
HTTP/1.0" 200 221 TCP_MISS:DIRECT
216.242.135.124 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 209.107.130.2:25
HTTP/1.1" 503 0 TCP_MISS:DIRECT
66.111.52.180 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 207.69.200.17:25
HTTP/1.0" 200 329 TCP_MISS:DIRECT
66.111.36.120 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 64.81.13.151:25
HTTP/1.0" 503 0 TCP_MISS:DIRECT
216.240.135.10 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 216.136.129.15:25
HTTP/1.0" 200 39 TCP_MISS:DIRECT
216.112.103.110 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 64.157.4.84:25
HTTP/1.1" 200 39 TCP_MISS:DIRECT

Regards

   Sukhjit Singh
   Network Administrator
   Emmsons Infotech Ltd.
   SCO 13-14-15, Sec 34A,
   Chandigarh-160 022
   (Ph): +91 172 606664
   Mobile 9815228132
   sukhjits@emmtel.com
   http://www.emmtel.com

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Hegedus, Ervin" <airween@amit.hu>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, April 17, 2003 5:09 PM
Subject: Re: [squid-users] interesting auth question

> tor 2003-04-17 klockan 12.59 skrev Hegedus, Ervin:
>
> > but, when i look basic method, i never find some info about
> > proxy-auth-required info (user/password, or else):
> > .*/*..Accept-Lan
> > guage:.hu..Proxy
> > -Authorization:.
> > Basic.YWlyd2Vlbj
> > phaXI=..User-Age
> > nt:.Mozilla/4.0.
> > ...
> >
> > here is just an Authorization: string, and some (coded) string.
>
> Proxy-Authorization: Basic YWlyd2VlbjphaXI=
>
> This says that the browser send Basic HTTP Authentication user
> credentials, and the encoded string (BASE64 encoded login:password)
> says:
>
> Login: airween
> Password: air
>
> > what did i forget?
>
> Nothing. Everything is normal.
>
> For all gory details on both Basic and Digest authentication see
> RFC2617.
> --
> Free Squid-users support provided by Henrik Nordström
<hno@squid-cache.org>
> Donations welcome if you consider my Free Squid support helpful.
> https://www.paypal.com/xclick/business=hno%40squid-cache.org
>
> If you need commercial Squid support or cost effective Squid and
> firewall appliances please refer to MARA Systems AB, Sweden
> http://www.marasystems.com/, info@marasystems.com
>
>
Received on Thu Apr 17 2003 - 06:43:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:01 MST