Re: [squid-users] access.log+squid+wccpv2

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 17 Apr 2003 23:52:56 +0200

Your proxy is abused by spammers to send SMTP spam.

It seems you have completely disabled the access controls in Squid,
giving everyone in the whole world full freedom to use your proxy in
accessing any resource on the Internet.

See the http_access directive in your Squid configuration.

A good http_access ruleset looks something like:

[these lines are from the suggested default configuration]
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports

[the following lines are inserted where instructed to in the
suggested default configuration]

acl my_networks src 192.168.0.0/24 192.168.1.0/24 ...
http_access allow my_networks

[this is in the suggested default configuration, after where it is
indicated you should insert your access controls]
http_access deny all

Note: The default suggested squid configuration contains a number of
important rules which block this type of activity even if all other
access controls are left open (which you should not do, access should
be limited to only your users, not random users from the Internet).
As you probably understand there are very good reasons why these
rules are there in the suggested default configuration. Removing them
is not a good idea unless you have very good reasons to do so.

Regards
Henrik

On Thursday 17 April 2003 14.19, Sukhjit Singh wrote:
> Dear all
>
> I am running squid+wccpv2 and I am getting these logs in my
> access.log. These are not my IPs, so can anybody tell me why
> these IPs are coming in my access.log
> and how to block these.
> This is degrading the performance of my squid machine.
>
>
>
> 63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT
> 216.136.129.17:25 HTTP/1.0" 200 164 TCP_MISS:DIRECT
> 216.82.66.152 - - [17/Apr/2003:15:43:58 +0530] "CONNECT
> 152.163.224.26:25 HTTP/1.0" 200 511 TCP_MISS:DIRECT
> 63.246.131.190 - - [17/Apr/2003:15:43:58 +0530] "CONNECT
> 64.156.215.6:25 HTTP/1.0" 200 221 TCP_MISS:DIRECT
> 216.242.135.125 - - [17/Apr/2003:15:43:59 +0530] "CONNECT
> 64.12.137.184:25 HTTP/1.1" 200 511 TCP_MISS:DIRECT

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu Apr 17 2003 - 15:53:18 MDT
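
An added example, not part of the original message or of Squid: a small audit script that reads access.log entries in the format quoted above and reports successful CONNECT requests that the suggested ruleset would have denied. The port set, the network list and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not values from the thread: SSL_PORTS mirrors a typical
# SSL_ports ACL; MY_NETWORKS is the my_networks ACL with the two example ranges.
SSL_PORTS = {443, 563}
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]

# httpd-style access.log entry, one per line, as in the quoted post.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_local(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in MY_NETWORKS)

def audit(lines):
    """Count successful CONNECTs per (client, reason) that the ruleset would deny."""
    findings = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT" or m["status"] != "200":
            continue  # unparsable, not a tunnel request, or already refused
        port = m["target"].rpartition(":")[2]
        if not port.isdigit() or int(port) not in SSL_PORTS:
            findings[(m["client"], "CONNECT to non-SSL port " + port)] += 1
        elif not is_local(m["client"]):
            findings[(m["client"], "client outside my_networks")] += 1
    return findings

# Constructed sample entries (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    '203.0.113.10 - - [17/Apr/2003:15:43:58 +0530] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 164 TCP_MISS:DIRECT',
    '203.0.113.10 - - [17/Apr/2003:15:43:59 +0530] "CONNECT 198.51.100.26:25 HTTP/1.0" 200 511 TCP_MISS:DIRECT',
    '192.168.0.15 - - [17/Apr/2003:15:44:01 +0530] "CONNECT 198.51.100.80:443 HTTP/1.0" 200 3120 TCP_MISS:DIRECT',
    '203.0.113.77 - - [17/Apr/2003:15:44:02 +0530] "CONNECT 198.51.100.80:443 HTTP/1.1" 200 900 TCP_MISS:DIRECT',
    '203.0.113.10 - - [17/Apr/2003:15:44:03 +0530] "CONNECT 198.51.100.25:25 HTTP/1.0" 403 1050 TCP_DENIED:NONE',
    '192.168.1.20 - - [17/Apr/2003:15:44:04 +0530] "GET http://www.example.com/ HTTP/1.0" 200 5120 TCP_MISS:DIRECT',
]

if __name__ == "__main__":
    for (client, reason), n in audit(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {client:15s}  {reason}")
```

Any hit after the http_access rules are restored means a rule is missing or ordered after an allow that matches first.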
