[squid-users] Squid Reverse Proxy. Attempted connections to domains we do not host?

From: PSA4444 <sima_yi_at_operamail.com>
Date: Mon, 12 Aug 2013 00:18:24 -0700 (PDT)

We are seeing entries like this in our squid access log:

1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376290358.813 150 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376290362.235 151 198.2.208.203 TCP_MISS/200 914 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376290369.401 276 46.102.93.254 TCP_MISS/200 4850 GET http://www.baidu.com/ - HIER_DIRECT/180.76.3.151 text/html
1376290370.041 663 199.180.100.170 TCP_MISS/200 9183 GET http://www.google.tm/ - HIER_DIRECT/74.125.237.120 text/html
1376290370.455 1128 216.244.78.163 TCP_MISS/200 12491 GET http://www.google.com.uy/ - HIER_DIRECT/74.125.237.119 text/html
1376290375.713 3449 198.52.120.152 TCP_MISS/302 840 POST http://shelivedinashoe.com/wp-comments-post.php - HIER_DIRECT/97.74.26.128 text/html

It looks like someone else's traffic is somehow being routed through our
proxy??

How can this one even happen:
1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html ?

No idea what this means. I know I could add entries like this by creating a
hosts file entry to point fake.domain.com to our server but surely it's not
people doing this?

Received on Mon Aug 12 2013 - 07:19:11 MDT
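
One way to measure the entries described in the message above, as an added example that is not part of the original post: a script that lists access.log requests whose URL host is not one the proxy is meant to serve, grouped by client, and counts how many Squid fetched itself (HIER_DIRECT). The `HOSTED` set and the last sample line are assumptions made for illustration; the other sample lines are taken from the post.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hostnames this reverse proxy is meant to serve (placeholder value).
HOSTED = {"www.example.org"}

# Lines 1-5 are entries quoted in the post, unwrapped; line 6 is constructed.
SAMPLE_LOG = """\
1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376290358.813 150 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376290369.401 276 46.102.93.254 TCP_MISS/200 4850 GET http://www.baidu.com/ - HIER_DIRECT/180.76.3.151 text/html
1376290375.713 3449 198.52.120.152 TCP_MISS/302 840 POST http://shelivedinashoe.com/wp-comments-post.php - HIER_DIRECT/97.74.26.128 text/html
1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html
1376291150.000 12 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/ - FIRSTUP_PARENT/192.0.2.80 text/html
"""


def parse_line(line):
    """Pick the fields used below out of one native-format access.log line."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    host = urlsplit(f[6]).hostname or ""  # empty for CONNECT host:port targets
    return {"client": f[2], "method": f[5], "host": host.lower(),
            "hier": f[8].split("/")[0]}


def foreign_requests(log_text, hosted=HOSTED):
    """Entries whose URL host is not one of the hosted names."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["host"] not in hosted]


def summarize(entries):
    """Per-client counts, and how many requests Squid fetched itself."""
    by_client = Counter(e["client"] for e in entries)
    direct = sum(e["hier"] == "HIER_DIRECT" for e in entries)
    return by_client, direct


if __name__ == "__main__":
    hits = foreign_requests(SAMPLE_LOG)
    by_client, direct = summarize(hits)
    print(f"{len(hits)} foreign requests, {direct} fetched HIER_DIRECT")
    for client, n in by_client.most_common():
        print(f"  {client}: {n}")
```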
