On 13/12/17 03:46, Heiler Bemerguy wrote:
Hi guys,
Everyday I get tons of these GETs, a lot from the same IP, then a lot
from other IPs of our local intranet (we have some APs plugged on our
intranet). This is happening since forever, but I'm trying to
understand/get rid of it.
Any ideas?
The client software is broken.
1) using explicit URLs with raw-IPv4 to make its requests, and ..
2) performing Host header forgery. www.google.com is hosted in Googles
servers assigned the 216/8 IP range not the 172/8 range. And ..
3) not obeying the clear instruction that the given Domain is *only*
available when fetched by name (not by raw-IP).
Your options are to either;
get the client software fixed
OR,
configure ACLs detecting when such clients deliver those raw-IP URLs
and reject them with a 403 instead of a 301,
That can be done with an external ACL helper in http_reply_access that
tracks 301 + Content-Location and which client they were sent to.
Rejecting them with a 403 after an arbitrary number of repeats.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
