Did it continue to spam the logs after you blocked it off with an acl?
-Daniel
Adrian Chadd wrote:
On Mon, Apr 30, 2007, Daniel Appleby wrote:
Hi,
We have an issue where peoples boxes that have java installed basically
hit our proxy continuously (java must get the settings from IE). The
proxy requires auth so it sends back a 407. The java updater ignores
this and tries again.
So our logs fill up with machines (only takes one or two) requesting the
same file and getting the same response time after time. This is most
cases peoples laptops so we it's hard to police the machines as they
come and go so quickly.
Ah, I remember this. The horrible jre downloader that (a) doesn't grok auth,
and (b) fails miserably to wait anything longer than a few ms before
retrying.
I ended up just putting an ACL into Squid whenever I saw this and had the
user contact us for "help".
Alternatively you could just allow that particular URL non-authenticated
access.
Adrian
A snip of the spam we get:
1173963552.808 1 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.862 4 128.184.118.146 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.863 3 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
1173963552.880 3 128.184.46.108 TCP_DENIED/407 11494 GET
http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
- NONE/- text/html
Does anyone know a way to stop people doing this? I don't really want to
iptables them off. Can you restrict the number of requests per ip to a file?
Thanks
Daniel
--
-----------------------------------------------------------------------------
Daniel Appleby
--
-----------------------------------------------------------------------------
Daniel Appleby,
