In article <002b01c07d72$053b73e0$04f786ca@websprinter.net>,
M. Yu <myu@websprinter.net> wrote:
>I didn't notice the dash in 1025-65535. I'll be fixing that. IP-based
>ACL's are in place, Rob. Unfortunately, the prick, err, user is in my
>network. You were right too Miquel. A quick grep in access.log for
>undernet showed the bot using a CONNECT like so:
>
>979398125.588 43499 202.134.247.40 TCP_MISS/000 355 CONNECT
>oslo.no.eu.undernet.org
>
>I still don't get how this works though. Anyone care to explain in detail?
CONNECT is a way to proxy https requests. As https requests are
SSL-encrypted, squid can't interpret those sessions. It is also
unable to cache them. The only thing it can do is transparently
proxy them (2-way) to the destination host - and that is exactly
what CONNECT does (it's a HTTP method like GET, PUT etc).
If the prick, err, user is using this method, it doesn't really
matter if you tighten up Safe-Ports - the line you want to fix
is actually SSL_ports. But if the ircd on oslo.no.eu.undernet.org
runs on port 443 (which is the default HTTPS port) there's not
much you can do without blocking legitimate HTTPS requests
to other hosts.
Yes, you can of course block the _host_ oslo.no.eu.undernet.org
but like I said, that will only work until the prick, err, user
finds another ircd that runs on port 443.
>And if someone is using my Squid to connect to IRC, what effect does this
>have on Squid's performance?
It will eat 2 filedescriptors and 0.01% cpu
Mike.
--
The From: and Reply-To: addresses are internal news2mail gateway addresses. Reply to the list or to miquels@traveler.cistron-office.nl (Miquel van Smoorenburg)
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Sat Jan 13 2001 - 11:05:17 MST
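The grep-through-access.log check and the SSL_ports point above, worked through as an added example (not from the thread or from Squid itself): a small Python script that parses Squid native-format access.log lines, flags CONNECT tunnels to ports outside the SSL_ports set (the log-side equivalent of `http_access deny CONNECT !SSL_ports`), and separately flags tunnels that stayed open for a long time, which is the only log-side signal left once an ircd sits on port 443. The log lines are constructed for the example; the `:6667` port on the undernet line is an assumption, since the quoted line in the thread is cut off after the hostname.

```python
import re
from collections import Counter

# Ports a default Squid SSL_ports ACL allows ("acl SSL_ports port 443 563").
# The port check below is the log-side equivalent of
# "http_access deny CONNECT !SSL_ports": anything else is flagged.
SSL_PORTS = frozenset({443, 563})

# Squid native access.log layout:
# timestamp elapsed_ms client result/status bytes method url ident hierarchy/peer type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<code>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample log (not a real capture). The first line mirrors the one
# quoted in the thread, with an assumed ircd port of 6667 appended; the last
# line is an assumed ircd listening on 443 that a port check cannot catch.
SAMPLE_LOG = """\
979398125.588 43499 202.134.247.40 TCP_MISS/000 355 CONNECT oslo.no.eu.undernet.org:6667 - DIRECT/oslo.no.eu.undernet.org -
979398130.123 812 202.134.247.41 TCP_MISS/200 4311 CONNECT www.example.com:443 - DIRECT/www.example.com -
979398131.500 40 202.134.247.42 TCP_HIT/200 2048 GET http://www.squid-cache.org/ - NONE/- text/html
979398140.001 1800457 202.134.247.40 TCP_MISS/000 355 CONNECT irc.example.net:443 - DIRECT/irc.example.net -
"""


def parse_connect(line):
    """Return (client, host, port, elapsed_ms) for a CONNECT line, else None.

    port is None when the URL carries no numeric port; such a target is
    treated as not allowed by the port check.
    """
    m = LOG_RE.match(line)
    if not m or m.group("method") != "CONNECT":
        return None
    host, sep, port = m.group("url").rpartition(":")
    if not sep or not port.isdigit():
        return m.group("client"), m.group("url"), None, int(m.group("elapsed"))
    return m.group("client"), host, int(port), int(m.group("elapsed"))


def would_ssl_ports_deny(port, allowed=SSL_PORTS):
    """True when 'http_access deny CONNECT !SSL_ports' would refuse this tunnel."""
    return port not in allowed


def suspicious_tunnels(log_text, allowed=SSL_PORTS):
    """CONNECT entries to ports outside SSL_ports: what fixing that ACL stops."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is not None and would_ssl_ports_deny(rec[2], allowed):
            hits.append(rec)
    return hits


def long_lived_tunnels(log_text, min_seconds=300):
    """CONNECT entries held open for at least min_seconds.

    An ircd on port 443 passes the SSL_ports check (the caveat in the reply);
    a tunnel held open for many minutes to one host is the remaining signal.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is not None and rec[3] >= min_seconds * 1000:
            hits.append(rec)
    return hits


def tunnel_summary(log_text):
    """Count CONNECT destinations per client so you can see what is tunneled."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is not None:
            client, host, port, _ = rec
            counts[(client, f"{host}:{port}")] += 1
    return counts


if __name__ == "__main__":
    for rec in suspicious_tunnels(SAMPLE_LOG):
        print("tunnel to non-SSL port:", rec)
    for rec in long_lived_tunnels(SAMPLE_LOG):
        print("long-lived tunnel:", rec)
    for key, n in tunnel_summary(SAMPLE_LOG).most_common():
        print(n, *key)
```

Run it against a real access.log by replacing SAMPLE_LOG with the file contents; the port check reproduces the decision a corrected SSL_ports ACL would make, while the duration check and the per-client summary are what show an IRC session hiding behind port 443.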