Hi,
We are using a Squid caching server for our corporate purposes. The details are as follows.
OS : RedHat Linux 6.2
Wccp : Version 1
Router: Cisco 7206
Squid : squid 2.3
Our caching server has been working fine for the past 15 days. Now we have found a problem. If anyone from the internal segments generates a virus, it directly hits the cache, even though we put the ACL in the squid.conf file. Our configuration is as follows.
acl nimda1 url_regex root.exe
acl nimda2 url_regex command.exe
acl nimda3 url_regex readme.exe
acl nimda4 url_regex readme.eml
acl all src 0.0.0.0/0.0.0.0
acl officelan src 192.168.129.3/255.255.255.255
http_access allow officelan
http_access deny nimda1
http_access deny all
Because our corporate proxy IP is 192.168.129.3, we want to accept requests only from that particular IP (for our security). But if any system in the same network (192.168.129.0/24) has a virus, it simply hits the caching server and the performance is degraded badly. No other users are able to browse.
Also, I have put ipchains rules on the Linux box. My ipchains rules are as follows.
ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128
(This is for my Squid operation; it has to redirect the input to port 3128.)
ipchains -A input -s 192.168.129.3/255.255.255.255 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -s 192.168.129.0/255.255.255.0 -d 0.0.0.0/0 -j DENY
Is there any solution to overcome this? How can we restrict the virus attack? Is it a bug in Squid, or is the problem in WCCP 1.0? Can anyone help me?
Regards
R.Nithya ananth
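
Added example, not part of the original post: a small Python model of Squid's first-match `http_access` evaluation applied to the rules quoted above, next to a reordered list built here for comparison. The client address 192.168.129.57, the example.com URLs and the `REORDERED` list are constructed for illustration.

```python
import ipaddress
import re

# ACLs as quoted in the post.
ACLS = {
    "nimda1": ("url_regex", r"root.exe"),
    "nimda2": ("url_regex", r"command.exe"),
    "nimda3": ("url_regex", r"readme.exe"),
    "nimda4": ("url_regex", r"readme.eml"),
    "all": ("src", "0.0.0.0/0.0.0.0"),
    "officelan": ("src", "192.168.129.3/255.255.255.255"),
}
# http_access lines in the order posted.
POSTED = [("allow", "officelan"), ("deny", "nimda1"), ("deny", "all")]
# Constructed for comparison: every URL deny placed before the source allow.
REORDERED = [("deny", "nimda1"), ("deny", "nimda2"), ("deny", "nimda3"),
             ("deny", "nimda4"), ("allow", "officelan"), ("deny", "all")]


def _to_int(addr):
    return int(ipaddress.ip_address(addr))


def acl_matches(name, client_ip, url):
    kind, value = ACLS[name]
    if kind == "src":
        net, mask = value.split("/")
        m = _to_int(mask)
        return (_to_int(client_ip) & m) == (_to_int(net) & m)
    # url_regex: unanchored regex search over the whole URL
    return re.search(value, url) is not None


def evaluate(rules, client_ip, url):
    """Return (action, acl_name) for the first http_access line that matches."""
    for action, name in rules:
        if acl_matches(name, client_ip, url):
            return action, name
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


if __name__ == "__main__":
    requests = [
        ("192.168.129.3", "http://www.example.com/root.exe"),
        ("192.168.129.3", "http://www.example.com/readme.eml"),
        ("192.168.129.57", "http://www.example.com/readme.eml"),
        ("192.168.129.3", "http://www.example.com/index.html"),
    ]
    for ip, url in requests:
        print(ip, url, evaluate(POSTED, ip, url), evaluate(REORDERED, ip, url))
```

In the posted order, anything arriving from 192.168.129.3 is allowed before `deny nimda1` is consulted, and `nimda2` to `nimda4` are defined but never referenced by an `http_access` line.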