We are seeing entries like this in our squid access log: 1376290358.781 151 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html 1376290358.813 150 198.2.208.203 TCP_MISS/200 916 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html 1376290362.235 151 198.2.208.203 TCP_MISS/200 914 GET http://toolbarqueries.google.com.hk/tbr? - HIER_DIRECT/74.125.237.18 text/html 1376290369.401 276 46.102.93.254 TCP_MISS/200 4850 GET http://www.baidu.com/ - HIER_DIRECT/180.76.3.151 text/html 1376290370.041 663 199.180.100.170 TCP_MISS/200 9183 GET http://www.google.tm/ - HIER_DIRECT/74.125.237.120 text/html 1376290370.455 1128 216.244.78.163 TCP_MISS/200 12491 GET http://www.google.com.uy/ - HIER_DIRECT/74.125.237.119 text/html 1376290375.713 3449 198.52.120.152 TCP_MISS/302 840 POST http://shelivedinashoe.com/wp-comments-post.php - HIER_DIRECT/97.74.26.128 text/html It looks like someone else's traffic is somehow being routed through our proxy?? How can this one even happen: 1376291144.757 879 216.244.78.166 TCP_MISS/302 1057 GET http://203.208.46.128/search? - HIER_DIRECT/203.208.46.128 text/html ? No idea what this means. I know I could add entries like this by creating a hosts file entry to point fake.domain.com to our server but surely it's not people doing this? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Reverse-Proxy-Attempted-connections-to-domains-we-do-not-host-tp4661522.html Sent from the Squid - Users mailing list archive at Nabble.com.