Dear John,
i just done this and im getting the following :
1115668842.640 14680 61.224.206.211 TCP_DENIED/200 824 CONNECT
205.188.156.185:25
seems its working now, Thanks to you :),,, i think i have a problem the the CONNECT acl rule ..
but i still dont understand how such connection appears in my access.log file, and what i can do so that it would never appear there ?!
Regards , Alex
Dear Alex,
Which version are you using? Did you try to set acl and allow requests from intranet (e.g. 192.168.1.0/255.255.255.0) only :-
acl intranet src 192.168.0.0/255.255.255.0 http_access allow intranet http_access deny all
Regards, John Mok
Alex wrote:
3Dear All,
i have a problem with my squid proxy.. suddenly its performance decrease and i never get the speed i expect from my squid box, and when i tail to access.log i find a weird line of information there,, please find it below :
1115668842.640 14680 61.224.206.211 TCP_MISS/200 824 CONNECT 205.188.156.185:25 - DIRECT/205.188.156.185 -
i found thousands of line similar to this one, even, i dont know the source ip address, destination or even the direct destination !! the
ip addresses doesn't belong to my network at all and all are blocked from the squid.conf file, plus why the destenation is trying to make connection on port 25 !!! ? such port is also blocked with the Safe_ports rule !my
port 25 is not allowed on my linux box , so how this ip can hack to
squid box and through my squid can open a session to port 25 on the destination ? and how i can block this from happening ?! its killing my squid box performance
Best Regards ,
