论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-01-10 16:46 |只看该作者 |倒序浏览

我启动squid就发现access.log日志增加很快，4个小时就500mb

我打开vi access.log一看发现全是如下：
。。。。。。
1199931682.559 4446 203.67.113.76 TCP_MISS/200 2114 CONNECT 218.32.192.14:25 - DIRECT/218.32.192.14 -
1199931682.559 1624 203.67.113.167 TCP_MISS/200 504 CONNECT 210.59.227.15:25 - DIRECT/210.59.227.15 -
1199931682.567    13 203.67.113.76 TCP_MISS/503 0 CONNECT 203.129.74.227:25 - DIRECT/203.129.74.227 -
1199931682.572 3979 72.46.140.42 TCP_MISS/200 142 CONNECT 207.13.74.149:25 - DIRECT/207.13.74.149 -
1199931682.575 1688 66.186.36.196 TCP_MISS/200 213 CONNECT 82.195.224.51:25 - DIRECT/82.195.224.51 -
1199931682.576    0 85.214.52.57 TCP_MISS/503 0 CONNECT 127.0.1.50:25 - DIRECT/127.0.1.50 -
1199931682.578 1315 59.104.7.90 TCP_MISS/200 69 CONNECT 12.158.8.82:25 - DIRECT/12.158.8.82 -
1199931682.579 4267 72.46.133.10 TCP_MISS/200 2094 CONNECT 216.32.180.22:25 - DIRECT/216.32.180.22 -
1199931682.584 4268 66.186.36.200 TCP_MISS/200 290 CONNECT 195.149.224.89:25 - DIRECT/195.149.224.89 -
1199931682.587  61169 122.126.121.52 TCP_MISS/200 39 CONNECT 129.250.36.57:25 - DIRECT/129.250.36.57 -
1199931682.589 1868 203.67.113.28 TCP_MISS/200 463 CONNECT 59.124.34.226:25 - DIRECT/59.124.34.226 -
1199931682.592  21795 122.126.98.192 TCP_MISS/200 7710 CONNECT 218.242.196.36:25 - DIRECT/218.242.196.36 -
1199931682.594  32716 203.67.113.167 TCP_MISS/200 593 CONNECT 220.130.53.205:25 - DIRECT/220.130.53.205 -
1199931682.594 3670 59.104.7.90 TCP_MISS/200 5079 CONNECT 60.250.4.94:25 - DIRECT/60.250.4.94 -
1199931682.597 1355 203.67.113.183 TCP_MISS/200 321 CONNECT 211.21.172.40:25 - DIRECT/211.21.172.40 -
。。。。。。（我贴出一小部分）

这是squid.conf的部分配置：
。。。
nonhierarchical_direct off
#hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex .jsp .jsf .gif .jpg .jpeg .png .bmp .ziff .rar .zip ####网站图片都不缓存图片文件
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 512 MB
maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB
cache_dir ufs /usr/local/squid/var/cache 10000 16 256
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /usr/local/squid/var/logs/access.log squid
。。。。。
#dd
acl myIP dst 127.0.0.1

#acl limit2Ip src 220.181.38.198
acl SSL_ports port 443
acl Safe_ports port 80       # http
acl Safe_ports port 21       # ftp
acl Safe_ports port 443       # https
acl Safe_ports port 70       # gopher
acl Safe_ports port 210       # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280       # http-mgmt
acl Safe_ports port 488       # gss-http
acl Safe_ports port 591       # filemaker
acl Safe_ports port 777       # multiling http
acl CONNECT method CONNECT

http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny limitIP

http_access deny !myIP

http_reply_access allow all
icp_access allow all
。。。。。。

请问squid高手帮忙看看！

文库|博客

liuhanzhao

家境小康

论坛徽章:: 0

2楼 [报告]

发表于 2008-01-10 17:24 |只看该作者

加个http_access deny CONNECT !Safe_ports
试试
可能有人那你的服务器当代理了，呵呵

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

kfping

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2008-01-11 09:20 |只看该作者

谢谢liuhanzhao关注

加个http_access deny CONNECT !Safe_ports这句？

http_access deny !Safe_ports----------------------------这里有了
http_access deny CONNECT !SSL_ports

粗体字体的和你http_access deny CONNECT !Safe_ports和这句不是一样吗？

今天squid一启动还是出现
1200013852.399 2933 59.104.7.114 TCP_MISS/200 490 CONNECT 220.135.29.35:25 - DIRECT/220.135.29.35 -
1200013852.404 4629 66.186.36.197 TCP_MISS/200 365 CONNECT 80.237.138.5:25 - DIRECT/80.237.138.5 -
1200013852.405 2615 203.67.113.229 TCP_MISS/200 294 CONNECT 156.108.164.19:25 - DIRECT/156.108.164.19 -
1200013852.405 2453 219.87.65.167 TCP_MISS/200 625 CONNECT 209.85.199.114:25 - DIRECT/209.85.199.114 -
1200013852.406 703 72.46.133.10 TCP_MISS/200 74 CONNECT 198.152.71.104:25 - DIRECT/198.152.71.104 -
1200013852.409 0 66.109.18.245 TCP_MISS/503 0 CONNECT 0.0.0.0:25 - DIRECT/0.0.0.0 -
1200013852.412 942 72.46.130.146 TCP_MISS/200 86 CONNECT 209.191.88.239:25 - DIRECT/209.191.88.239 -
1200013852.413 942 72.46.130.146 TCP_MISS/200 86 CONNECT 209.191.88.239:25 - DIRECT/209.191.88.239 -
。。。。。。。。。。。。

请高手们帮帮忙。。。。。

[ 本帖最后由 kfping 于 2008-1-11 09:21 编辑 ]

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

kfping

白手起家

论坛徽章:: 0

4楼 [报告]

发表于 2008-01-15 15:38 |只看该作者

加了这个http_access deny CONNECT !Safe_ports，还是不行！！！

access.log文件还是猛增！
现象还是
1200013852.399 2933 59.104.7.114 TCP_MISS/200 490 CONNECT 220.135.29.35:25 - DIRECT/220.135.29.35 -
1200013852.404 4629 66.186.36.197 TCP_MISS/200 365 CONNECT 80.237.138.5:25 - DIRECT/80.237.138.5 -
1200013852.405 2615 203.67.113.229 TCP_MISS/200 294 CONNECT 156.108.164.19:25 - DIRECT/156.108.164.19 -
1200013852.405 2453 219.87.65.167 TCP_MISS/200 625 CONNECT 209.85.199.114:25 - DIRECT/209.85.199.114 -
1200013852.406 703 72.46.133.10 TCP_MISS/200 74 CONNECT 198.152.71.104:25 - DIRECT/198.152.71.104 -
1200013852.409 0 66.109.18.245 TCP_MISS/503 0 CONNECT 0.0.0.0:25 - DIRECT/0.0.0.0 -
1200013852.412 942 72.46.130.146 TCP_MISS/200 86 CONNECT 209.191.88.239:25 - DIRECT/209.191.88.239 -
1200013852.413 942 72.46.130.146 TCP_MISS/200 86 CONNECT 209.191.88.239:25 - DIRECT/209.191.88.239 -

请各位高手帮忙看看阿！！！！！！谢谢了。。。。。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

xiao6

家境小康

论坛徽章:: 0

5楼 [报告]

发表于 2008-01-15 15:47 |只看该作者

你把 allow all 到了最前面，后面再 deny 有什么用

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

kfping

白手起家

论坛徽章:: 0

6楼 [报告]

发表于 2008-01-15 16:37 |只看该作者

谢谢xiao6关注！

把这句http_access allow all放在下方？

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny limitIP

http_access allow all

是这样吗？