Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => General Networking Support in Linux => Topic started by: tidalbobo on April 01, 2009, 06:57:13 AM
-
Pls see the image from my SQID sarg log.
pls see
http://picasaweb.google.com/lh/photo/FbcYU12hAjjBsyFzNCB7rA?authkey=Gv1sRgCL3LrI7ai4OgDA&feat=directlink
The each attempt has DENIED status, but in each case there is a download. Total DENIED downloads amount to 6.61 MB.
Can this be possible?
I am using LDAP auth. So ideally instead of "User: 172.16.64.64" ( the IP), i should get "User: ABC". I get this ip-resolved user names for other users. But this guy is weird. Got me worried. Any clue to whats going on?
Thanks in advance.
-
Use acl to block him and see his activity through tail -f <access.log file>. If he still downloading he must have another hole in squid.conf file.
Implement one by one and try to find out exact matter.
-
Im not too sure about having a HOLE some place.
The rule is pretty basic.
It defines my_networks
The allow is based on (my_nwteorks AND LDAP password)
thts all.
If password is incorrect users are not allowed access. That part works fine.