[squid-users] URGENT!! problem due to virus.

From: <Nithya_Ananth/MAA/IN/Antarix@dont-contact.us>
Date: Wed, 27 Feb 2002 12:28:13 +0530
Hi,
  We are using a Squid caching server for our corporate purposes. The details are as follows.
 
OS    :    RedHat Linux 6.2
Wccp : Version 1
Router: Cisco 7206
Squid : squid 2.3
 
     Our caching server has been working fine for the past 15 days. Now we have found a problem. If anyone from the internal segments generates a virus, it is directly hitting the cache, even though we put the ACL in the squid.conf file. Our configuration is as follows.
   
acl nimda1 url_regex root.exe
acl nimda2 url_regex command.exe
acl nimda3 url_regex readme.exe
acl nimda4 url_regex readme.eml
 
acl all src 0.0.0.0/0.0.0.0
acl officelan src 192.168.129.3/255.255.255.255
 
http_access allow officelan
 
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
 
http_access deny all
 
Because our corporate proxy IP is 192.168.129.3, we want to get requests only from that particular IP (for our security issues). But if any system in the same network (192.168.129.0/24) has a virus, it simply hits the caching server and the performance is degraded like anything. No other users are able to browse.
   Also, I have put ipchains rules on the Linux box. My ipchains rules are as follows:
 
ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128 (This is for my Squid operation, it has to redirect the input to port 3128)
ipchains -A input -s 192.168.129.3/255.255.255.255 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -s 192.168.129.0/255.255.255.0 -d 0.0.0.0/0 -j DENY
 
   Is there any solution to overcome this? How can we restrict the virus attack? Is the bug in Squid, or is the problem in WCCP 1.0? Can anyone help me?
 
Regards
 
R.Nithya ananth
 
 

 
Received on Wed Feb 27 2002 - 01:21:35 MST
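
Squid checks http_access lines from top to bottom and applies the first one whose ACL matches, so the order of the lines in the message above decides whether the nimda rules are ever reached. The Python script below is an added example, not part of the original post or of Squid: it evaluates the posted rules that way against constructed sample requests, next to a hypothetical reordered list (DENY_FIRST) for comparison, and models only the src and url_regex ACL types.

```python
import re
from ipaddress import ip_address

# ACLs as given in the post (name -> (type, value)).
ACLS = {
    "nimda1": ("url_regex", "root.exe"),
    "nimda2": ("url_regex", "command.exe"),
    "nimda3": ("url_regex", "readme.exe"),
    "nimda4": ("url_regex", "readme.eml"),
    "all": ("src", "0.0.0.0/0.0.0.0"),
    "officelan": ("src", "192.168.129.3/255.255.255.255"),
}
NIMDA = ["nimda1", "nimda2", "nimda3", "nimda4"]

# http_access lines in the order posted, and a hypothetical reordered variant.
POSTED = [("allow", "officelan")] + [("deny", n) for n in NIMDA] + [("deny", "all")]
DENY_FIRST = [("deny", n) for n in NIMDA] + [("allow", "officelan"), ("deny", "all")]


def acl_matches(name, src, url):
    """True if the named ACL matches this client address / request URL."""
    kind, value = ACLS[name]
    if kind == "src":
        net, mask = (int(ip_address(p)) for p in value.split("/"))
        return (int(ip_address(src)) & mask) == (net & mask)
    return re.search(value, url) is not None  # url_regex: unanchored, case-sensitive


def decide(rules, src, url):
    """Return (action, acl) of the first http_access line whose ACL matches."""
    for action, name in rules:
        if acl_matches(name, src, url):
            return action, name
    return "deny", None  # not reached here: "all" matches every source


# Constructed sample requests (addresses and URLs are illustrative only).
SAMPLES = [
    ("192.168.129.3", "http://www.example.com/scripts/root.exe"),
    ("192.168.129.3", "http://www.example.com/index.html"),
    ("192.168.129.57", "http://www.example.com/scripts/root.exe"),
    ("192.168.129.57", "http://www.example.com/index.html"),
]

if __name__ == "__main__":
    for src, url in SAMPLES:
        print(src, url, "posted:", decide(POSTED, src, url),
              "deny-first:", decide(DENY_FIRST, src, url))
```

In both orderings a denied request has already been accepted and parsed by Squid before the ACL decision is made, so denying it in http_access does not remove the load of handling it.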
