[squid-users] httpd-accelerator from Emilio Casbas on 2003-10-20 (squid-users)

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Mon, 20 Oct 2003 11:12:35 +0200

We have configured two reverse proxy accelerators with squid for our
web-servers with load-balancing (for a long time), all the traffic
incoming is for our web-servers, well, but in the squid logs we can to
see a few connections what isn't for our webservers (likely inappropiate
uso)

In a reverse proxy for example:

200.30.146.106 - - [17/Oct/2003:20:09:05 +0200] "GET
http://www.altavista.com/r? HTTP/1.0" 403 1359 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:06 +0200] "GET
http://www.altavista.com/a? HTTP/1.0" 403 1359 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:11 +0200] "GET
http://www.altavista.com/a? HTTP/1.0" 403 1359 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:12 +0200] "GET
http://www.altavista.com/web/results? HTTP/1.0" 403 1379 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:15 +0200] "GET
http://www.altavista.com/web/results? HTTP/1.0" 403 1379 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:16 +0200] "GET
http://www.altavista.com/a? HTTP/1.0" 403 1359 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:19 +0200] "GET
http://www.altavista.com/a? HTTP/1.0" 403 1359 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:22 +0200] "GET
http://www.yahoo.com/ HTTP/1.0" 403 1347 TCP_DENIED:NONE
200.30.146.106 - - [17/Oct/2003:20:09:29 +0200] "GET
http://www.yahoo.com/ HTTP/1.0" 403 1347 TCP_DENIED:NONE

200.72.157.224 - - [17/Oct/2003:03:03:49 +0200] "GET
http://members.msn.com/upload.msnw? HTTP/1.0" 403 1375 TCP_DENIED:NONE
200.72.157.224 - - [17/Oct/2003:03:03:51 +0200] "GET
http://members.msn.com/upload.msnw? HTTP/1.0" 403 1375 TCP_DENIED:NONE
200.72.157.224 - - [17/Oct/2003:03:03:54 +0200] "GET
http://members.msn.com/upload.msnw? HTTP/1.0" 403 1375 TCP_DENIED:NONE

vpn.consorcio.cl - - [17/Oct/2003:15:53:20 +0200] "GET
http://www.google.cl/search? HTTP/1.0" 403 1361 TCP_DENIED:NONE
vpn.consorcio.cl - - [17/Oct/2003:15:53:28 +0200] "GET
http://www.google.cl/search? HTTP/1.0" 403 1361 TCP_DENIED:NONE
vpn.consorcio.cl - - [17/Oct/2003:15:53:31 +0200] "GET
http://www.google.cl/search? HTTP/1.0" 403 1361 TCP_DENIED:NONE
vpn.consorcio.cl - - [17/Oct/2003:15:53:38 +0200] "GET
http://www.google.cl/search? HTTP/1.0" 403 1361 TCP_DENIED:NONE
vpn.consorcio.cl - - [17/Oct/2003:15:53:51 +0200] "GET
http://www.google.cl/url? HTTP/1.0" 403 1355 TCP_DENIED:NONE

All the traffic inappropiate is denied for squid, but we would like the reason for the requests (a bad configuation or deliberate?)

Thanks!.

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Mon Oct 20 2003 - 03:12:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:32 MST