[squid-users] Users spamming squid logs

From: Daniel Appleby <dappleby@dont-contact.us>
Date: Mon, 30 Apr 2007 19:30:34 +1000

Hi,

We have an issue where peoples boxes that have java installed basically
hit our proxy continuously (java must get the settings from IE). The
proxy requires auth so it sends back a 407. The java updater ignores
this and tries again.

So our logs fill up with machines (only takes one or two) requesting the
same file and getting the same response time after time. This is most
cases peoples laptops so we it's hard to police the machines as they
come and go so quickly.

A snip of the spam we get:

1173963552.808 1 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.810 1 128.184.118.146 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.819 9 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.822 1 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.827 3 128.184.118.146 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.828 2 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.843 4 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.843 4 128.184.118.146 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.848 1 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.853 1 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.862 4 128.184.118.146 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.863 3 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.880 3 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html

Does anyone know a way to stop people doing this? I don't really want to
iptables them off. Can you restrict the number of requests per ip to a file?

Thanks
Daniel

-- 
-----------------------------------------------------------------------------
Daniel Appleby

Received on Mon Apr 30 2007 - 03:27:00 MDT

This message: [ Message body ]
Next message: Matus UHLAR - fantomas: "Re: [squid-users] Users spamming squid logs"
Previous message: squid squid: "Re: [squid-users] Make install error"
Next in thread: Matus UHLAR - fantomas: "Re: [squid-users] Users spamming squid logs"
Reply: Matus UHLAR - fantomas: "Re: [squid-users] Users spamming squid logs"
Reply: Adrian Chadd: "Re: [squid-users] Users spamming squid logs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT