Well, you have the source IP address of each request in your access.log... Regards Henrik
ons 2003-01-29 klockan 18.51 skrev Devon Harding - GTHLA: > The question is, how can I tell where the requests are originating from? I > want to stop the source. > > -Devon > > -----Original Message----- > From: Devon Harding - GTHLA > Sent: Wednesday, January 29, 2003 12:26 PM > To: 'Henrik Nordstrom' > Cc: '[EMAIL PROTECTED]' > Subject: RE: [squid-users] Outgoing http request? > > Fixed it! > http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.11 > > -Devon > > -----Original Message----- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 29, 2003 12:20 PM > To: Devon Harding - GTHLA > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' > Subject: RE: [squid-users] Outgoing http request? > > To me it looks like you are running an open proxy and have many random > users over the Internet using your proxy.. > > Check your http_access rules. Firewalling the Squid port is also a good > idea to avoid having uninvited users using the service.. > > Regards > Henrik > > > > ons 2003-01-29 klockan 15.36 skrev Devon Harding - GTHLA: > > Well looking at my access.log, I noticed that squid is accessing websites > > that no users have requested. I have not allowed any users to access the > > cache. These requests are coming from squid itself. I think its some > kind > > of worm or virus that has affected squid. > > > > 61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET > > http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504 > > 1069 TCP_MISS:NONE > > 219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET > > http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045 > > TCP_MISS:NONE > > 67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST > > http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063 > > TCP_MISS:NONE > > 219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET > > http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057 > > TCP_MISS:NONE > > 219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET > > http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049 > > TCP_MISS:NONE > > 200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET > > http://www.topmoxie.com/external/builds/common/equivalent_domains.htm > > HTTP/1.0" 504 1096 TCP_MISS:NONE > > 218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET > > http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057 > > TCP_MISS:NONE > > 165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET > > http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045 > > TCP_MISS:NONE > > > > -Devon > > > > -----Original Message----- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 28, 2003 9:23 PM > > To: Devon Harding - GTHLA > > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' > > Subject: Re: [squid-users] Outgoing http request? > > > > ??? > > > > Squid is not a web server. Squid is a proxy. If you have users using the > > Squid proxy then each request sent by these users to the proxy will > > result in a HTTP request sent by Squid. > > > > Regards > > Henrik > > > > Devon Harding - GTHLA wrote: > > > > > > I noticed in my log, I have out going http request from my squid web > > > servers. > > > > > > No one is on this machine, how are these requests being initiated? Is > this > > a > > > hack attempt? > > > > > > System is rhl7.3 > > > > > > _____________________ > > > Devon Harding > > > System Administrator > > > Gilat Latin America > > > 954-858-1600 > > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > This e-mail is intended for the above named addressee(s), and may > contain > > > information which is confidential or privileged. If you are not the > > intended > > > recipient, please inform us immediately: you should not copy or use this > > > e-mail for any purpose nor disclose its contents to any person. > > > -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
