Re: [squid-users] access.log+squid+wccpv2

From: Ipsec Masood <masood@dont-contact.us>
Date: Thu, 17 Apr 2003 17:52:52 +0500

If you are running the Squid box on Linux or Unix, then you can use a Linux or Unix
firewall, like

ipchains, iptables, and for Unix ipfw, etc.

You can also block these IPs from the router. I will suggest using an IP access list
for WCCP port 80 traffic redirecting.

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
| * * * * * * * * * * * * * * * * * * * * * * * *
| Fibre Net (Pvt) Ltd. Lahore, Pakistan
| Tel: +92-42-6677024
| Mobile: +92-300-4277367
| http://www.fibre.net.pk
| * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^

----- Original Message -----
From: "Sukhjit Singh" <sukhjits@emmtel.com>
To: "Henrik Nordstrom" <hno@squid-cache.org>; "Hegedus, Ervin"
<airween@amit.hu>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, April 17, 2003 5:19 PM
Subject: [squid-users] access.log+squid+wccpv2

| Dear all
|
| I am running squid+wccpv2 and I am getting these logs in my access.log.
| These are not my IPs, so can anybody tell me why these IPs are coming in my
| access.log
| and how to block these?
| This is degrading the performance of my squid machine.
|
|
|
| 63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 216.136.129.17:25
| HTTP/1.0" 200 164 TCP_MISS:DIRECT
| 216.82.66.152 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 152.163.224.26:25
| HTTP/1.0" 200 511 TCP_MISS:DIRECT
| 63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 64.156.215.6:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 216.242.135.125 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.12.137.184:25
| HTTP/1.1" 200 511 TCP_MISS:DIRECT
| 216.82.66.152 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 66.73.20.19:25
| HTTP/1.0" 200 300 TCP_MISS:DIRECT
| 66.111.52.180 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.83:25
| HTTP/1.0" 200 217 TCP_MISS:DIRECT
| 66.111.61.170 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.156.215.5:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 63.246.131.180 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.84:25
| HTTP/1.0" 200 217 TCP_MISS:DIRECT
| 63.246.131.190 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 64.157.4.82:25
| HTTP/1.0" 200 217 TCP_MISS:DIRECT
| 63.246.131.40 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 209.240.213.200:25
| HTTP/1.0" 503 0 TCP_MISS:DIRECT
| 216.240.147.149 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 206.123.6.11:25
| HTTP/1.0" 503 0 TCP_MISS:DIRECT
| 63.246.131.160 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 209.240.213.200:25
| HTTP/1.0" 503 0 TCP_MISS:DIRECT
| 216.240.147.81 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 64.157.4.82:25
| HTTP/1.0" 200 163 TCP_MISS:DIRECT
| 63.246.129.10 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 64.12.138.152:25
| HTTP/1.0" 200 511 TCP_MISS:DIRECT
| 139.81.47.35 - - [17/Apr/2003:15:44:00 +0530] "CONNECT 216.136.129.17:25
| HTTP/1.0" 200 164 TCP_MISS:DIRECT
| 139.81.47.35 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 64.156.215.6:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 216.240.147.149 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 207.112.196.1:25
| HTTP/1.0" 200 195 TCP_MISS:DIRECT
| 216.242.135.125 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 207.69.200.30:25
| HTTP/1.1" 200 328 TCP_MISS:DIRECT
| 63.246.131.180 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 64.156.215.6:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 139.81.47.34 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 64.156.215.5:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 139.81.47.35 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 66.218.86.253:25
| HTTP/1.0" 200 164 TCP_MISS:DIRECT
| 63.246.131.160 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 64.84.96.21:25
| HTTP/1.0" 503 0 TCP_MISS:DIRECT
| 66.111.36.120 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 216.136.129.17:25
| HTTP/1.0" 200 164 TCP_MISS:DIRECT
| 66.111.61.170 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 64.156.215.5:25
| HTTP/1.0" 200 221 TCP_MISS:DIRECT
| 216.242.135.124 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 209.107.130.2:25
| HTTP/1.1" 503 0 TCP_MISS:DIRECT
| 66.111.52.180 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 207.69.200.17:25
| HTTP/1.0" 200 329 TCP_MISS:DIRECT
| 66.111.36.120 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 64.81.13.151:25
| HTTP/1.0" 503 0 TCP_MISS:DIRECT
| 216.240.135.10 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 216.136.129.15:25
| HTTP/1.0" 200 39 TCP_MISS:DIRECT
| 216.112.103.110 - - [17/Apr/2003:15:44:04 +0530] "CONNECT 64.157.4.84:25
| HTTP/1.1" 200 39 TCP_MISS:DIRECT
|
|
|
|
| Regards
|
| Sukhjit Singh
| Network Administrator
| Emmsons Infotech Ltd.
| SCO 13-14-15, Sec 34A,
| Chandigarh-160 022
| (Ph): +91 172 606664
| Mobile 9815228132
| sukhjits@emmtel.com
| http://www.emmtel.com
|
| ----- Original Message -----
| From: "Henrik Nordstrom" <hno@squid-cache.org>
| To: "Hegedus, Ervin" <airween@amit.hu>
| Cc: <squid-users@squid-cache.org>
| Sent: Thursday, April 17, 2003 5:09 PM
| Subject: Re: [squid-users] interesting auth question
|
|
| > Thu 2003-04-17 at 12.59, Hegedus, Ervin wrote:
| >
| > > but, when I look at the basic method, I never find any info about
| > > proxy-auth-required info (user/password, or else):
| > > .*/*..Accept-Lan
| > > guage:.hu..Proxy
| > > -Authorization:.
| > > Basic.YWlyd2Vlbj
| > > phaXI=..User-Age
| > > nt:.Mozilla/4.0.
| > > ...
| > >
| > > Here is just an Authorization: string, and some (coded) string.
| >
| > Proxy-Authorization: Basic YWlyd2VlbjphaXI=
| >
| > This says that the browser sent Basic HTTP Authentication user
| > credentials, and the encoded string (BASE64 encoded login:password)
| > says:
| >
| > Login: airween
| > Password: air
| >
| > > What did I forget?
| >
| > Nothing. Everything is normal.
| >
| > For all gory details on both Basic and Digest authentication see
| > RFC2617.
| > --
| > Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org>
| > Donations welcome if you consider my Free Squid support helpful.
| > https://www.paypal.com/xclick/business=hno%40squid-cache.org
| >
| > If you need commercial Squid support or cost effective Squid and
| > firewall appliances please refer to MARA Systems AB, Sweden
| > http://www.marasystems.com/, info@marasystems.com
| >
| >
|
|
Received on Thu Apr 17 2003 - 06:54:26 MDT
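
Added example, not part of the original thread: a small access.log triage script that lists, per client address, the CONNECT requests of the kind quoted above (tunnels to port 25 from addresses the operator does not recognise). The local network range, the permitted CONNECT ports and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions, not from the thread: local client range and permitted CONNECT ports.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_CONNECT_PORTS = {443, 563}

# httpd-style access.log line with Squid's result code appended, as in the thread.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) '
    r'HTTP/[\d.]+" (?P<status>\d{3}) \d+ \S+$'
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 164 TCP_MISS:DIRECT
203.0.113.7 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 198.51.100.26:25 HTTP/1.0" 503 0 TCP_MISS:DIRECT
192.0.2.44 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 198.51.100.25:25 HTTP/1.1" 200 511 TCP_MISS:DIRECT
10.1.2.3 - - [17/Apr/2003:15:44:00 +0530] "CONNECT www.example.com:443 HTTP/1.0" 200 4821 TCP_MISS:DIRECT
10.1.2.3 - - [17/Apr/2003:15:44:01 +0530] "GET http://www.example.com/ HTTP/1.0" 200 1234 TCP_MISS:DIRECT
10.1.2.9 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 221 TCP_MISS:DIRECT
203.0.113.7 - - [17/Apr/2003:15:44:03 +0530] "CONNECT www.example.com:443 HTTP/1.0" 200 300 TCP_MISS:DIRECT
"""

def is_local(client):
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(ip in net for net in LOCAL_NETS)

def suspicious_connects(log_text):
    """Per client: CONNECTs from outside LOCAL_NETS or to non-permitted ports."""
    report = defaultdict(lambda: {"tunnelled": 0, "failed": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "CONNECT":
            continue
        port = m["target"].rpartition(":")[2]
        if not port.isdigit():
            continue
        if is_local(m["client"]) and int(port) in ALLOWED_CONNECT_PORTS:
            continue
        entry = report[m["client"]]
        # A 2xx reply to CONNECT means Squid opened the tunnel to the target.
        entry["tunnelled" if m["status"].startswith("2") else "failed"] += 1
        entry["ports"].add(int(port))
    return dict(report)
```

The clients this reports are the ones to cover with the firewall rules or router access list suggested in the reply; a local client tunnelling to port 25 is reported as well.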
