fre 2010-04-02 klockan 20:30 +0100 skrev a...@gmail: > My http_port settings are
Nothing obviously odd there, except that you should not need the 3128 port. So keep a close eye on access.log of both Squid and your web server when seeing the problem. > I have this in my cache.log but I don't know where it's coming from > > WARNING: CONNECT method received on http Accelerator port 3128 Someone is trying to use your reverse proxy port as a normal proxy. See access.log for who. > lientProcessRequest: Invalid Request > 2010/04/02 13:35:00| Failed to select source for 'http://mysite.net/' > 2010/04/02 13:35:00| always_direct = 0 > 2010/04/02 13:35:00| never_direct = 0 > 2010/04/02 13:35:00| timedout = 0 Not mysite.net is in your list of sites for the main server. > 2010/04/02 13:46:43| Failed to select source for > 'http://81.XX.XX.XX/install.txt' ((This is my public IP) Probably a bot looking for a known vulnerability in some other server / shopping cart application. Nothing to worry about. > And finally my access.log fills up within minutes, it is now in the size of > 23, 780, 835 bytes (23.5 MB) > This is far too large, sometimes it's even difficult to empty them, as they > won't open because they are too large. > Any ideas please? I have tried the squid -k rotate but it doesn't seem to > work for the access.log access.log is rotated by "squid -k rotate" just as the other logs. But maybe your Squid is configured for using external rotation by logrotate or similar.. > access.log > 1270183340.294 615 204.152.200.138 TCP_MISS/200 167 CONNECT > 203.188.197.10:25 - DIRECT/203.188.197.10 - Ouch.. someone are using your server as a spam relay. Do you have any http_port not configured in accel mode? > For the above question, the answer is yes if it is what I understood > the bottom one I didn't understand what you meant > > " > Including host component." scheme://hostcomponent/urlpath Regards Henrik
