I`ve checked the configuration file and it seems
that only port 443 and 563 were connected to SSL_Ports
acl rule. What's the usage of port 563 anyway? By the
way, any other way to check what exactly those logs
for? is it attempt by kazaa users? Thanks again!
Brian
--- Elsen Marc <elsen@imec.be> wrote:
>
>
> >
> > Dear all,
> >
> > Recently, i became aware that a number of my
> users
> > started to use kazaa and those other tunnel
> software
> > as well. I checked the access.log files and came
> > across these logs :-
> >
> > 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800]
> > "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223
> > TCP_MISS:DIRECT
> > 192.168.25.220 - - [10/Jan/2005:11:24:39 +0800]
> > "CONNECT 4.16.112.104:1214 HTTP/1.0" 0 0
> TCP_MISS:NONE
> > 192.168.21.23 - - [10/Jan/2005:11:24:42 +0800]
> > "CONNECT 65.32.244.27:3697 HTTP/1.0" 200 212
> > TCP_MISS:DIRECT
> > 192.168.25.55 - - [10/Jan/2005:11:24:45 +0800]
> > "CONNECT 24.166.75.223:1214 HTTP/1.0" 200 221
> > TCP_MISS:DIRECT
> > 192.168.25.55 - - [10/Jan/2005:11:24:46 +0800]
> > "CONNECT 66.139.108.167:1340 HTTP/1.0" 200 227
> > TCP_MISS:DIRECT
> >
> >
> > If you noticed carefully, the logs sometimes has
> the
> > value of TCP_MISS:DIRECT and some of them are
> > TCP_MISS:NONE.
> >
> >
> > I`ve been trying to track down the source of the
> > problem. They are using hopster and etc. It seems
> like
> > they know the existant of Squid server here and
> try to
> > take advantage of it.Could some one point me how
> to
> > get rid of these things? thanks!
> >
>
> The SSL_Ports acl in squid.conf(.default), can be
> used to allow
> the list of ports allowed for 'CONNECT'. Make sure
> that , for instance,
> port 443 is the only port allowed for the connect
> method.
>
> M.
>
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com
Received on Mon Jan 10 2005 - 06:03:49 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST