Re: [squid-users] I am seeing the following in my cache.log
On 25/03/2015 2:05 p.m., Monah Baki wrote:
> Thanks Amos,
>
> My problem is I only have control over the squid server. I can only tell the ISP to take the client offline and run some AntiVirus or better reimage the device.

The security problem is that your proxy is receiving over port 80 (*unencrypted* origin server) a request the client apparently sent on port 443 (encrypted origin server).

This may be caused by the client browser running a script which is hijacking it. Or somebody between your proxy and the client MITM'ing the connection and sending decrypted content out over the network in the clear. Neither is a desirable situation.

> Within 2 hours my cache.log grew to 50MB in size and it was repeating the error mentioned over and over again till my squid server started complaining about running out of file descriptors, and stopped working.

Your proxy is configured such that it adds the Via header properly for loop detection. However, if there is another proxy stripping away that header and a loop happens it would directly lead to both the FD exhaustion and the extremely large amount of log entries (once per loop).

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
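The loop scenario described in the reply above, as an added simulation that is not part of the original thread and is not Squid code. The hop names `squid-a` and `proxy-b`, the descriptor budget of 64 and the one-descriptor-per-pass accounting are assumptions made for illustration, and Via is reduced to a bare list of hop names.

```python
# Constructed model of Via-based loop detection; not Squid source code.
class Proxy:
    def __init__(self, name, fd_budget, strips_via=False):
        self.name = name              # token this hop writes into Via (simplified)
        self.fd_budget = fd_budget    # assumed descriptor limit
        self.strips_via = strips_via  # True models a hop that deletes Via
        self.open_fds = 0
        self.log_lines = 0

    def accept(self, via):
        """Return a terminal status, or None if the request is forwarded."""
        if self.name in via:
            return "loop-detected"    # our own token came back: refuse
        if self.open_fds >= self.fd_budget:
            return "fd-exhausted"
        self.open_fds += 1            # held open while waiting for the reply
        self.log_lines += 1           # one log entry per pass
        return None

    def forward(self, via):
        return [] if self.strips_via else via + [self.name]


def run(other_strips_via, fd_budget=64):
    """Send one request round a two-hop ring: squid-a -> proxy-b -> squid-a."""
    squid = Proxy("squid-a", fd_budget)
    other = Proxy("proxy-b", fd_budget, strips_via=other_strips_via)
    ring, via, hop = [squid, other], [], 0
    while True:
        proxy = ring[hop % 2]
        status = proxy.accept(via)
        if status is not None:
            return status, squid.log_lines, squid.open_fds
        via = proxy.forward(via)
        hop += 1


if __name__ == "__main__":
    print("Via preserved:", run(False))
    print("Via stripped: ", run(True))
```

With Via preserved the request is refused on its first return; with Via stripped a single request consumes the whole descriptor budget and writes one log entry per pass.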
Re: [squid-users] I am seeing the following in my cache.log
Thanks Amos,

My problem is I only have control over the squid server. I can only tell the ISP to take the client offline and run some AntiVirus or better reimage the device.

Within 2 hours my cache.log grew to 50MB in size and it was repeating the error mentioned over and over again till my squid server started complaining about running out of file descriptors, and stopped working.

Thanks

On Tue, Mar 24, 2015 at 8:58 PM, Amos Jeffries squ...@treenet.co.nz wrote:
> On 25/03/2015 9:05 a.m., Monah Baki wrote:
>> Thanks Yuri for the URL. The company is a small ISP using policy based routing, so using WPAD or GPO isn't feasible.
>
> Did you start reading with the problem explanation? The bit about what Squid's testing for and how to interpret the log lines?
>
> Your log is saying that there is a client sending requests on port 80 which claim to be requests *on port 443*. Even if the IP matches facebook the port doesn't.
>
> Amos