>
> Dear all,
>
> Recently, i became aware that a number of my users
> started to use kazaa and those other tunnel software
> as well. I checked the access.log files and came
> across these logs :-
>
> 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800]
> "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223
> TCP_MISS:DIRECT
> 192.168.25.220 - - [10/Jan/2005:11:24:39 +0800]
> "CONNECT 4.16.112.104:1214 HTTP/1.0" 0 0 TCP_MISS:NONE
> 192.168.21.23 - - [10/Jan/2005:11:24:42 +0800]
> "CONNECT 65.32.244.27:3697 HTTP/1.0" 200 212
> TCP_MISS:DIRECT
> 192.168.25.55 - - [10/Jan/2005:11:24:45 +0800]
> "CONNECT 24.166.75.223:1214 HTTP/1.0" 200 221
> TCP_MISS:DIRECT
> 192.168.25.55 - - [10/Jan/2005:11:24:46 +0800]
> "CONNECT 66.139.108.167:1340 HTTP/1.0" 200 227
> TCP_MISS:DIRECT
>
>
> If you noticed carefully, the logs sometimes has the
> value of TCP_MISS:DIRECT and some of them are
> TCP_MISS:NONE.
>
>
> I`ve been trying to track down the source of the
> problem. They are using hopster and etc. It seems like
> they know the existant of Squid server here and try to
> take advantage of it.Could some one point me how to
> get rid of these things? thanks!
>
The SSL_Ports acl in squid.conf(.default), can be used to allow
the list of ports allowed for 'CONNECT'. Make sure that , for instance,
port 443 is the only port allowed for the connect method.
M.
Received on Sun Jan 09 2005 - 23:42:09 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST