Gregory Machin wrote:
> On Fri, Aug 22, 2008 at 11:34 AM, Michael Alger <squid_at_mm.quex.org> wrote:
>> On Fri, Aug 22, 2008 at 10:49:53AM +0200, Gregory Machin wrote:
>>> I have a client that we provide conectivity for. they have a fire
>>> wall running a squid proxy that is configured with our proxy as
>>> it's parent proxy and most of the traffic I'm seeing looks like
>>> this
>>>
>>> 1219394376.025 119836 192.168.199.253 TCP_MISS/000 0 GET
>>> http://192.168.200.10/secars/secars.dll?h=BDA3...
>>> - DIRECT/192.168.200.10 -
>>> 1219394376.112 119812 192.168.199.253 TCP_MISS/000 0 GET
>>> http://192.168.201.143/secars/secars.dll?h=6C16C...
>>> - DIRECT/192.168.201.143 -
>>> 1219394376.313 119792 192.168.199.253 TCP_MISS/000 0 GET
>>> http://192.168.200.10/secars/secars.dll?h=8A4F...
>>> - DIRECT/192.168.200.10 -
>>>
>>> what is it ?
>> Not sure, may be something to do with Symantec EndPoint Protection
>> Manager; whatever that is. At least that's the references I've seen
>> in a Google search for secars.dll.
>>
>>> and should I my proxy be receiving these requests ?
>> That depends - are 192.168.200.x and 192.168.201.x under your
>> control? Or more correctly: does your client need to access these
>> addresses via your proxy?
>>
> those ips are on the clienst lan / wan that behind the proxy .
>
Then you will need to yell at them about their broken config.
Amos
-- Please use Squid 2.7.STABLE4 or 3.0.STABLE8Received on Fri Aug 22 2008 - 10:57:19 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 22 2008 - 12:00:03 MDT