If you want to block from the source, the following should work if you have internal IP addresses 90.0.0.1-254:
acl our_networks src 90.0.0.0/255.255.255.0
acl all src 0.0.0.0/0
http_access allow our_networks
http_access deny all
I advise you shut down squid until you can get it working the way it is supposed to work so that they would not steal your system resources.
Tesla
From: Devon Harding - GTHLA <[EMAIL PROTECTED]>
To: 'Henrik Nordstrom' <[EMAIL PROTECTED]>
CC: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: [squid-users] Outgoing http request?
Date: Wed, 29 Jan 2003 12:51:38 -0500
The question is, how can I tell where the requests are originating from? I
want to stop the source.
-Devon
-----Original Message-----
From: Devon Harding - GTHLA
Sent: Wednesday, January 29, 2003 12:26 PM
To: 'Henrik Nordstrom'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [squid-users] Outgoing http request?
Fixed it!
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.11
-Devon
-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 12:20 PM
To: Devon Harding - GTHLA
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: [squid-users] Outgoing http request?
To me it looks like you are running an open proxy and have many random
users over the Internet using your proxy..
Check your http_access rules. Firewalling the Squid port is also a good
idea to avoid having uninvited users using the service..
Regards
Henrik
ons 2003-01-29 klockan 15.36 skrev Devon Harding - GTHLA:
> Well looking at my access.log, I noticed that squid is accessing websites
> that no users have requested. I have not allowed any users to access the
> cache. These requests are coming from squid itself. I think its some
kind
> of worm or virus that has affected squid.
>
> 61.21.247.37 - - [29/Jan/2003:11:36:22 -0500] "GET
> http://home.hanmir.com/%7Eueookjtsou/report/report0635.gif HTTP/1.0" 504
> 1069 TCP_MISS:NONE
> 219.106.192.133 - - [29/Jan/2003:11:36:26 -0500] "GET
> http://home.hanmir.com/~mrtu82bv3/ss2_0744.jpg HTTP/1.0" 504 1045
> TCP_MISS:NONE
> 67.85.244.205 - - [29/Jan/2003:11:36:38 -0500] "POST
> http://www.sparkfind.com/cgi-bin/search/smartsearch.cgi HTTP/1.0" 504 1063
> TCP_MISS:NONE
> 219.98.86.182 - - [29/Jan/2003:11:36:42 -0500] "GET
> http://www.directpornstar.com/dmay/n1/WWL01_1051.gif HTTP/1.0" 504 1057
> TCP_MISS:NONE
> 219.181.160.56 - - [29/Jan/2003:11:36:46 -0500] "GET
> http://home.hanmir.com/%7Eyabwweo487/egg0412.jpg HTTP/1.0" 504 1049
> TCP_MISS:NONE
> 200.198.194.146 - - [29/Jan/2003:11:36:52 -0500] "GET
> http://www.topmoxie.com/external/builds/common/equivalent_domains.htm
> HTTP/1.0" 504 1096 TCP_MISS:NONE
> 218.222.245.221 - - [29/Jan/2003:11:37:10 -0500] "GET
> http://210.138.105.147/0616/anime66/anime6601-23.zip HTTP/1.1" 504 1057
> TCP_MISS:NONE
> 165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
> http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
> TCP_MISS:NONE
>
> -Devon
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 28, 2003 9:23 PM
> To: Devon Harding - GTHLA
> Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: Re: [squid-users] Outgoing http request?
>
> ???
>
> Squid is not a web server. Squid is a proxy. If you have users using the
> Squid proxy then each request sent by these users to the proxy will
> result in a HTTP request sent by Squid.
>
> Regards
> Henrik
>
> Devon Harding - GTHLA wrote:
> >
> > I noticed in my log, I have out going http request from my squid web
> > servers.
> >
> > No one is on this machine, how are these requests being initiated? Is
this
> a
> > hack attempt?
> >
> > System is rhl7.3
> >
> > _____________________
> > Devon Harding
> > System Administrator
> > Gilat Latin America
> > 954-858-1600
> > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> >
> > This e-mail is intended for the above named addressee(s), and may
contain
> > information which is confidential or privileged. If you are not the
> intended
> > recipient, please inform us immediately: you should not copy or use this
> > e-mail for any purpose nor disclose its contents to any person.
> >
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
