Dear Alex,
Which version are you using? Did you try to set acl and allow requests from intranet (e.g. 192.168.1.0/255.255.255.0) only :-
acl intranet src 192.168.0.0/255.255.255.0 http_access allow intranet http_access deny all
Regards, John Mok
Alex wrote:
Dear All,
i have a problem with my squid proxy.. suddenly its performance decrease and i never get the speed i expect from my squid box, and when i tail to access.log i find a weird line of information there,, please find it below :
1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -
i found thousands of line similar to this one, even, i dont know the source ip address, destination or even the direct destination !! the 3 ip addresses doesn't belong to my network at all and all are blocked from the squid.conf file, plus why the destenation is trying to make connection on port 25 !!! ? such port is also blocked with the Safe_ports rule !
port 25 is not allowed on my linux box , so how this ip can hack to my squid box and through my squid can open a session to port 25 on the destination ? and how i can block this from happening ?! its killing my squid box performance
Best Regards ,
