On Mon, 10 Jan 2005, Diamond King wrote:
> I`ve checked the configuration file and it seems
> that only port 443 and 563 were connected to SSL_Ports
> acl rule.
You then have some error in your http_access rules, allowing things you
did not intend to allow.
>>> 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800]
>>> "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223
>>> TCP_MISS:DIRECT
> What's the usage of port 563 anyway?
nntps, NNTP over SSL. Supported by many browsers and is why it is in the
default allowed list.
> By the way, any other way to check what exactly those logs for? is it
> attempt by kazaa users? Thanks again!
If you are lucky then a meaningful user-agent string is included.. visible
if you enable log_mime_hdrs. But most likely this is blank or forged.
Regards
Henrik
Received on Mon Jan 10 2005 - 19:25:10 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST