Re: [squid-users] Issue with some files and templates

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Sat, 03 Apr 2010 21:11:34 +0200

fre 2010-04-02 klockan 20:30 +0100 skrev Adam_at_Gmail:

> My http_port settings are

Nothing obviously odd there, except that you should not need the 3128
port.

So keep a close eye on access.log of both Squid and your web server when
seeing the problem.

> I have this in my cache.log but I don't know where it's coming from
>
> WARNING: CONNECT method received on http Accelerator port 3128

Someone is trying to use your reverse proxy port as a normal proxy. See
access.log for who.

> lientProcessRequest: Invalid Request
> 2010/04/02 13:35:00| Failed to select source for 'http://mysite.net/'
> 2010/04/02 13:35:00| always_direct = 0
> 2010/04/02 13:35:00| never_direct = 0
> 2010/04/02 13:35:00| timedout = 0

Not mysite.net is in your list of sites for the main server.

> 2010/04/02 13:46:43| Failed to select source for
> 'http://81.XX.XX.XX/install.txt' ((This is my public IP)

Probably a bot looking for a known vulnerability in some other server /
shopping cart application. Nothing to worry about.

> And finally my access.log fills up within minutes, it is now in the size of
> 23, 780, 835 bytes (23.5 MB)
> This is far too large, sometimes it's even difficult to empty them, as they
> won't open because they are too large.
> Any ideas please? I have tried the squid -k rotate but it doesn't seem to
> work for the access.log

access.log is rotated by "squid -k rotate" just as the other logs. But
maybe your Squid is configured for using external rotation by logrotate
or similar..

> access.log
> 1270183340.294 615 204.152.200.138 TCP_MISS/200 167 CONNECT
> 203.188.197.10:25 - DIRECT/203.188.197.10 -

Ouch.. someone are using your server as a spam relay.

Do you have any http_port not configured in accel mode?

> For the above question, the answer is yes if it is what I understood
> the bottom one I didn't understand what you meant
>
> " > Including host component."

scheme://hostcomponent/urlpath

Regards
Henrik
Received on Sat Apr 03 2010 - 19:08:59 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 04 2010 - 12:00:03 MDT