Re: [squid-users] Squid Reverse Proxy. Attempted connections to domains we do not host?

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 12 Aug 2013 12:17:58 +0300

On 08/12/2013 10:56 AM, Antony Stone wrote:
> On Monday 12 August 2013 at 09:18:24, PSA4444 wrote:
>
>> We are seeing entries like this in our squid access log:
>>
>> 1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET
>> http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18
>> text/html
>
> People (or rather, bots) searching for open proxies...
>
The main problem is not that people use your reverse proxy, but rather
why your proxy, as a reverse proxy, serves these queries.
If you would share your squid.conf (not in public), I would be happy to
assist you in fixing the main issues with it.

Eliezer

>> How can this one even happen:
>> 1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET
>> http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html ?
>
> The URL (in this case, an IP address) you see in the GET request is not
> necessarily the same as the IP they connected to...
>
>> No idea what this means. I know I could add entries like this by creating
>> a hosts file entry to point fake.domain.com to our server but surely it's
>> not people doing this?
>
> Bots.
>
> Is there a good reason why your Squid is listening on a public IP address?
>
>
> Antony.
>
Received on Mon Aug 12 2013 - 09:18:25 MDT
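
A way to measure the problem discussed in this thread, as an added example that is not part of the original messages: it parses Squid's native access.log format and lists requests for hosts the reverse proxy does not serve, marking those Squid fetched directly (HIER_DIRECT). The `HOSTED` set, the third log line and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two entries quoted in the thread (re-joined onto one
# line each) plus one invented entry for a hosted site.
SAMPLE_LOG = """\
1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html
1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html
1376291150.120 12 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - FIRSTUP_PARENT/10.0.0.5 text/html
"""

HOSTED = {"www.example.com"}  # assumption: the sites this reverse proxy serves

# Squid native access.log: time elapsed client code/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def request_host(method, url):
    """Host named in the request; CONNECT logs host:port instead of a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def foreign_requests(log_text, hosted):
    """Return entries whose requested host is not one of the hosted sites."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the native format
        host = request_host(m["method"], m["url"])
        if host in hosted:
            continue
        findings.append({
            "client": m["client"],
            "host": host,
            "status": int(m["status"]),
            # HIER_DIRECT: Squid went to the origin itself, i.e. it relayed the request
            "relayed": m["hier"] == "HIER_DIRECT" and not m["code"].startswith("TCP_DENIED"),
        })
    return findings

if __name__ == "__main__":
    for f in foreign_requests(SAMPLE_LOG, HOSTED):
        print(f)
```

Any entry reported with `relayed` set to true means the proxy answered for a site it does not host, which is the configuration issue raised in the reply above.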
