On Fri, Aug 22, 2008 at 10:49:53AM +0200, Gregory Machin wrote: > I have a client that we provide conectivity for. they have a fire > wall running a squid proxy that is configured with our proxy as > it's parent proxy and most of the traffic I'm seeing looks like > this > > 1219394376.025 119836 192.168.199.253 TCP_MISS/000 0 GET > http://192.168.200.10/secars/secars.dll?h=BDA3... > - DIRECT/192.168.200.10 - > 1219394376.112 119812 192.168.199.253 TCP_MISS/000 0 GET > http://192.168.201.143/secars/secars.dll?h=6C16C... > - DIRECT/192.168.201.143 - > 1219394376.313 119792 192.168.199.253 TCP_MISS/000 0 GET > http://192.168.200.10/secars/secars.dll?h=8A4F... > - DIRECT/192.168.200.10 - > > what is it ? Not sure, may be something to do with Symantec EndPoint Protection Manager; whatever that is. At least that's the references I've seen in a Google search for secars.dll. > and should I my proxy be receiving these requests ? That depends - are 192.168.200.x and 192.168.201.x under your control? Or more correctly: does your client need to access these addresses via your proxy? It may be that they need reconfigure their squid to go direct for that server rather than use your proxy.
