Hi everyone, We notice that a number of our cache user are doing a port 80 scan across a range of IP addresses. As the destination IP are rather random, is there any way we can configure Squid to deny such a request pattern?
Squid's access log-------------------------------------------------- 1069968709.859 3404 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.7/ - NONE/- - 1069968709.859 3404 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.8/ - NONE/- - 1069968709.859 3404 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.9/ - NONE/- - 1069968709.859 3380 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.10/ - NONE/- - 1069968709.859 3380 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.11/ - NONE/- - 1069968709.859 3380 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.12/ - NONE/- - 1069968709.859 3369 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.13/ - NONE/- - 1069968710.088 3599 OURIPADDRESS TCP_MISS/000 0 GET = http://218.69.28.15/ - NONE/- - HTTP Header------------------------------------------------ GET / HTTP/1.1..Accept: image/gif, image/x-xbitmap, image/jp eg, image/pjpeg, */*..User-Agent: Mozilla/4.0 (compatible; M SIE 5.5; Windows 98)..Host: 218.69.28.11..Connection: Keep- Alive.... Thank! Hwee Khoon
