Re: [squid-users] Problem in squid due to virus

From: Kancha . <kancha2np@dont-contact.us>
Date: Tue, 26 Feb 2002 07:11:48 -0800 (PST)

put http_access allow officelan after the nimda deny
acl.

--- Nithya_Ananth/MAA/IN/Antarix@antarix.net wrote:

<HR>
<FONT face="Default Sans Serif, Verdana, Arial,
Helvetica, sans-serif" size=2><DIV><FONT face="Default
Sans Serif, Verdana, Arial, Helvetica, sans-serif"
size=2>&nbsp;<DIV>Hi,</DIV><DIV>&nbsp; we are using
squid caching server for our corporate
purpose.&nbsp;&nbsp;The details are as
follows.</DIV><DIV>&nbsp;</DIV><DIV>OS&nbsp;&nbsp;&nbsp;
: &nbsp;&nbsp; RedHat Linux 6.2</DIV><DIV>Wccp :
Version 1</DIV><DIV>Router: Cisco 7206</DIV><DIV>Squid
: squid
2.3</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;&nbsp;&nbsp;&nbsp;
Our Caching server is working fine for the past 15
days. Now we found a problem. If anyone&nbsp;from the
internal segments generate virus. it is directly
hitting the cache, eventhough we put the ACL in the
squid.conf file. Our configuraton is as
follows.</DIV><DIV>&nbsp;&nbsp;&nbsp; </DIV><DIV>acl
nimda1 url_regex root.exe</DIV><DIV><DIV>acl nimda2
url_regex command.exe</DIV><DIV><DIV>acl nimda3
url_regex readme.exe</DIV><DIV><DIV>acl nimda4
url_regex
readme.eml</DIV><DIV>&nbsp;</DIV></DIV></DIV></DIV><DIV>acl
all src 0.0.0.0/0.0.0.0</DIV><DIV><DIV>acl src office!
lan 192.168.129.3/255.255.255.255
</DIV></DIV><DIV>&nbsp;</DIV><DIV>http_access allow
officelan</DIV><DIV>&nbsp;</DIV><DIV>http_access deny
nimda1</DIV><DIV><DIV>http_access deny
nimda2</DIV><DIV><DIV>http_access deny
nimda3</DIV><DIV><DIV>http_access deny
nimda4</DIV></DIV></DIV></DIV><DIV>&nbsp;</DIV><DIV>http_access
deny all</DIV><DIV>&nbsp;</DIV><DIV>Becos our
corporate proxy IP is 192.168.129.3 So we want to get
the requests only from the particular ip(For our
security issues). But if any of the system in the same
Network (192.168.129.0/24) has virus&nbsp;, simply it
is hitting the caching server and the performance is
degraded like anything. No other users can able to
browse. </DIV><DIV>&nbsp;&nbsp; Also I have put the
ipchains rule in the Linux Box. My IP chain rule is as
follows</DIV><DIV>&nbsp;</DIV><DIV><DIV>ipchains -A
input -s&nbsp;0.0.0.0/0 -d 0.0.0.0/0 80 -j 3128
REDIRECT (This is for my Squid operation, it has to
redirect the input to port 3128)</DIV></DIV><DI!
V>ipchains -A input -s 192.168.129.3/255.255.255.255
-d 0.0.0.0/0 -j ACCEPT <DIV></DIV><DIV><DIV>ipchains
-A input -s 192.168.129.0/255.255.255.0 -d 0.0.0.0/0
-j DENY</DIV><DIV>&nbsp;</DIV></DIV><DIV>&nbsp;&nbsp;
is there any solution to overcome this. How to
restrict the Virus attack.is the&nbsp;bug in squid? or
is the problem in wccp1.0? Can any one help
me?</DIV><DIV>&nbsp;</DIV><DIV>Regards</DIV><DIV>&nbsp;</DIV><DIV>R.Nithya
ananth</DIV><DIV></FONT>&nbsp;</DIV><DIV>&nbsp;</DIV></DIV></FONT>=

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com
Received on Tue Feb 26 2002 - 08:11:50 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:32 MST