Re: [squid-users] URGENT!! problem due to virus.

From: <Nithya_Ananth/MAA/IN/Antarix@dont-contact.us>
Date: Thu, 28 Feb 2002 12:11:21 +0530
Hi,
  No luck. Even after I changed the order of the acl I am still getting the same response. It is continuously hitting my cache box, but the cache denied it. If I look at the access.log it is giving an error like
 
<IP_ADDRESS> GET://www.scripts/root.exe/ ? "HTTP/1.0" 403 414 TCP_DENIED:NONE
 
My access.log is being hit by this error like anything, and slowly the browsing is freezing. Is it because of any other problem??? Please help me.

Regards,
R.Nithya Ananth



-----Colin Campbell <sgcccdc@citec.qld.gov.au> wrote: -----

To: Nithya_Ananth/MAA/IN/Antarix<Nithya_Ananth/MAA/IN/Antarix@antarix.net>
From: Colin Campbell <sgcccdc@citec.qld.gov.au>
Date: 02/27/2002 10:35PM
cc: <squid-users@squid-cache.org>
Subject: Re: [squid-users] URGENT!! problem due to virus.

Hi,

Someone replied to you yesterday. Their answer was that you have the
http_access lines in the wrong order. If you read the FAQ at
www.squid-cache.org you'll see that http_access lines are processed as
they are found. Your first line says allow officelan. Naturally, anyone on
that LAN is going to be permitted regardless of whether they send a real
request or a url matching your nimda ones.

You need to reorder the lines:

http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access allow officelan

Colin

On Wed, 27 Feb 2002 Nithya_Ananth/MAA/IN/Antarix@antarix.net wrote:

>      Our Caching server is working fine for the past 15 days. Now we
> found a problem. If anyone from the internal segments generates a virus,
> it is directly hitting the cache, even though we put the ACL in the
> squid.conf file. Our configuration is as follows.
>
> acl nimda1 url_regex root.exe
> acl nimda2 url_regex command.exe
> acl nimda3 url_regex readme.exe
> acl nimda4 url_regex readme.eml
>
> acl all src 0.0.0.0/0.0.0.0
> acl src officelan 192.168.129.3/255.255.255.255
>
> http_access allow officelan
>
> http_access deny nimda1
> http_access deny nimda2
> http_access deny nimda3
> http_access deny nimda4
>
> http_access deny all
Received on Wed Feb 27 2002 - 23:41:24 MST
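
The first-match behaviour discussed in this thread can be checked with a small model. The following is an added example, not part of the original messages and not Squid code: it evaluates only the url_regex and src ACL types from the quoted squid.conf, and the sample URLs and host name are constructed.

```python
import ipaddress
import re

# ACLs from the quoted squid.conf. url_regex is an unanchored regex search on the URL.
URL_ACLS = {name: re.compile(rx) for name, rx in [
    ("nimda1", r"root.exe"), ("nimda2", r"command.exe"),
    ("nimda3", r"readme.exe"), ("nimda4", r"readme.eml"),
]}
# src ACLs, written in CIDR form (same networks as the netmask form in the post).
SRC_ACLS = {
    "officelan": ipaddress.ip_network("192.168.129.3/32"),
    "all": ipaddress.ip_network("0.0.0.0/0"),
}

def acl_matches(acl, client_ip, url):
    """True if the named ACL matches this request."""
    if acl in URL_ACLS:
        return URL_ACLS[acl].search(url) is not None
    return ipaddress.ip_address(client_ip) in SRC_ACLS[acl]

def http_access(rules, client_ip, url):
    """Walk the rules top to bottom; the first matching line decides."""
    for action, acl in rules:
        if acl_matches(acl, client_ip, url):
            return action, acl
    return "deny", None  # not reached here: both rule sets end with "deny all"

NIMDA_DENIES = [("deny", n) for n in ("nimda1", "nimda2", "nimda3", "nimda4")]
ORIGINAL = [("allow", "officelan")] + NIMDA_DENIES + [("deny", "all")]
REORDERED = NIMDA_DENIES + [("allow", "officelan"), ("deny", "all")]

# Constructed sample requests (hypothetical host name).
WORM_URL = "http://www.example.com/scripts/root.exe"
NORMAL_URL = "http://www.example.com/index.html"

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for url in (WORM_URL, NORMAL_URL):
            print(label, url, http_access(rules, "192.168.129.3", url))
```

With the reordered rules the request is refused, but the proxy still has to receive, evaluate and log each one, which is what the TCP_DENIED line in access.log records.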
