On Mon, 1 Dec 2003, Hwee Khoon, Neo wrote: > We notice that a number of our cache user are doing a port 80 scan > across a range of IP addresses. As the destination IP are rather random, > is there any way we can configure Squid to deny such a request pattern?
I would recommend a program that tails the access.log watching for clients generating an excessive amount of TCP_MISS/000 requests to IP addresses and then firewalls the offending client from any network access. These clients are often infected by viruses or other malware and needs to be fixed. If not the user at that client needs to be fixed.. Regards Henrik
