Hi,
I have a squid proxy on a machine with a publicly-accessible ip
address. I have the access controls set up to only allow a certain
number of computers from within the network here to access it. I have
noticed that my access.log and store.log files are growing at what seems
to me to be a fairly rapid rate (around 10M every 2 hours), due to the
large number of attempted unauthorised accesses which are occurring.
They are all being successfully blocked (i.e. status is TCP_DENIED), so
i'm not worried about the cache getting polluted or misused (though
before I made the access controls more strict, an inordinate amount of
requests for sexually explicit material were made - presumably from
people who didn't want their browsing behaviours of this kind known) per
sé, but i'm worried that this large number of connections to the proxy
will adversely affect its performance.
I've no idea how exactly these other proxies (that's what i'm assuming
they are, though i'd appreciate any suggested alternatives and can
provide samples if needs be) found the proxy, though i can imagine it's
something to do with the fact that my squid proxy is running on the
default port and must have been scanned by some computer or other.
So is there anything I can do about this? If i shifted the port number
to a non-standard proxy port would these rogue processes have any more
difficulty finding it than they do now? Also, presumably the repeated
simultaneous access attempts will degrade the proxy's performance in
handling legitimate requests, so is there anything else I can do?
Any help/insights at all much appreciated.
Thanks very much,
Maurice
