Hello, Im testing out using squid sat in front of a wordpress installation. Wordpress sometimes isn't the fastest so i thought id try squid to serve the sites static content. The site is quite popular so i have set squid to run on a separate IP which i hit through host file entries. Squid then acts as a transparent proxy and sends the request to apache over the loopback address. Now this is working fine, the problem i have is i believe it may be being abused which is likely due to some misconfiguration i have made. The access.log shows entries from a chinese IP every second or so, below is an extract of the hits im seeing. 1277220997.529 1187 124.31.204.10 TCP_MISS/200 102 CONNECT 205.188.251.43:443 - DIRECT/205.188.251.43 - 1277221000.132 1190 124.31.204.10 TCP_MISS/200 102 CONNECT 64.12.202.116:443 - DIRECT/64.12.202.116 - 1277221002.730 1188 124.31.204.10 TCP_MISS/200 102 CONNECT 205.188.251.43:443 - DIRECT/205.188.251.43 - 1277221004.336 362 95.25.187.148 TCP_MISS/200 103 CONNECT 64.12.202.8:443 - DIRECT/64.12.202.8 - 1277221005.274 1188 124.31.204.10 TCP_MISS/200 102 CONNECT 64.12.202.116:443 - DIRECT/64.12.202.116 - Now they are not legitimately using the site, it looks to me like there using it to connect to other site's. What do you guys think? I can post the config if you like? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Concerns-tp2264334p2264334.html Sent from the Squid - Users mailing list archive at Nabble.com.
