On Fri, Aug 22, 2008 at 11:34 AM, Michael Alger <squid@xxxxxxxxxxx> wrote: > On Fri, Aug 22, 2008 at 10:49:53AM +0200, Gregory Machin wrote: >> I have a client that we provide conectivity for. they have a fire >> wall running a squid proxy that is configured with our proxy as >> it's parent proxy and most of the traffic I'm seeing looks like >> this >> >> 1219394376.025 119836 192.168.199.253 TCP_MISS/000 0 GET >> http://192.168.200.10/secars/secars.dll?h=BDA3... >> - DIRECT/192.168.200.10 - >> 1219394376.112 119812 192.168.199.253 TCP_MISS/000 0 GET >> http://192.168.201.143/secars/secars.dll?h=6C16C... >> - DIRECT/192.168.201.143 - >> 1219394376.313 119792 192.168.199.253 TCP_MISS/000 0 GET >> http://192.168.200.10/secars/secars.dll?h=8A4F... >> - DIRECT/192.168.200.10 - >> >> what is it ? > > Not sure, may be something to do with Symantec EndPoint Protection > Manager; whatever that is. At least that's the references I've seen > in a Google search for secars.dll. > >> and should I my proxy be receiving these requests ? > > That depends - are 192.168.200.x and 192.168.201.x under your > control? Or more correctly: does your client need to access these > addresses via your proxy? > those ips are on the clienst lan / wan that behind the proxy . > It may be that they need reconfigure their squid to go direct for > that server rather than use your proxy. >
