LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 07-17-2012, 10:31 AM   #1
takeit
LQ Newbie
 
Registered: Jul 2012
Posts: 8

Rep: Reputation: Disabled
Squid for linux authentication question


Hello,
I have installed squid on my debian server.
I configured it to use ncsa_auth so only users who will type username and password can use it because I had a lot of unknown connections to my proxy server without authentication enabled.

I have installed sqstat to see online connections to my proxy server
Seems like everything is working fine, I can use proxy only when I type username and password I defined.

But here is my question. Even if authentication is set sqstat shows me that there are (at the moment I captured it) 8 users and 95 connections @ 0.00/0.00 KB/s (CURR/AVG) which is weird.. because only I have access to that username with password i created, also shows my connection that I use at the moment.

I enabled Authentication, it prompt to type username and password but some people still have access to my proxy server ?
How is it possible? Can anyone explain me what I did wrong?

In log file it shows something like that:
Code:
1342531625.592      0 109.236.88.33 TCP_DENIED/407 1706 GET http://l13.member.ukl.yahoo.com/? - NONE/- text/html
1342531625.644      0 199.19.105.99 TCP_DENIED/407 1754 GET http://www.academic-softwares.com/store/index.php - NONE/- text/html
1342531625.716      0 50.93.204.245 TCP_DENIED/407 1679 GET http://ib.adnxs.com/ttj? - NONE/- text/html
1342531625.764      0 92.81.193.166 TCP_DENIED/407 1793 GET http://www.gottogofaster.com/ab-circle-workout-machine-review/ - NONE/- text/html
1342531625.797      0 81.30.223.67 TCP_DENIED/407 1655 CONNECT 64.12.202.59:443 - NONE/- text/html
1342531625.851      0 50.93.200.95 TCP_DENIED/407 1697 GET http://ad.yieldmanager.com/st? - NONE/- text/html
1342531625.908      0 68.233.239.13 TCP_DENIED/407 1658 CONNECT 219.106.251.99:25 - NONE/- text/html
1342531625.928      0 173.234.162.130 TCP_DENIED/407 1697 GET http://ad.yieldmanager.com/st? - NONE/- text/html
1342531625.931      0 94.41.205.88 TCP_DENIED/407 1661 CONNECT 205.188.95.208:443 - NONE/- text/html
1342531625.935      0 109.236.88.35 TCP_DENIED/407 1715 GET http://203.209.228.245/config/login? - NONE/- text/html
1342531625.970      0 92.105.237.197 TCP_DENIED/407 1781 GET http://molura.com/judge-server/php4/proxy-judge-ip-1.php4? - NONE/- text/html
1342531625.999      0 109.120.159.153 TCP_DENIED/407 1661 CONNECT 205.188.95.208:443 - NONE/- text/html
1342531626.008      0 109.120.159.153 TCP_DENIED/407 1661 CONNECT 205.188.27.208:443 - NONE/- text/html
1342531626.019      0 109.120.159.153 TCP_DENIED/407 1661 CONNECT 205.188.95.208:443 - NONE/- text/html
1342531626.081      0 50.93.205.175 TCP_DENIED/407 1697 GET http://ad.yieldmanager.com/st? - NONE/- text/html
etc

Last edited by takeit; 07-17-2012 at 10:33 AM.
 
Old 07-17-2012, 11:47 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343
Hi,

For a public accessible server, it's usual that there are these kind of probes.
In your logs there are only TCP_DENIED/407 that is a good sign. Means that your server requires authentication and denies access if it doesn't get it.

Regards
 
Old 07-17-2012, 01:07 PM   #3
takeit
LQ Newbie
 
Registered: Jul 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Ok, but this means that someone is still connecting to my proxy server even if it denies access ? Because I don't know why some people can still connect..
 
Old 07-17-2012, 04:22 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343Reputation: 1343
Quote:
Originally Posted by takeit View Post
Ok, but this means that someone is still connecting to my proxy server even if it denies access ? Because I don't know why some people can still connect..
Note that they are trying to connect to your server, but they don't succeed. After the initial try they go away.
If you run publicly accessible servers (like web, mail etc), you'll always see attempts like these. If you don't want to see them, use a firewall to block them before accessing your server.

Regards
 
Old 07-18-2012, 09:38 AM   #5
takeit
LQ Newbie
 
Registered: Jul 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Note that they are trying to connect to your server, but they don't succeed. After the initial try they go away.
If you run publicly accessible servers (like web, mail etc), you'll always see attempts like these. If you don't want to see them, use a firewall to block them before accessing your server.

Regards
Ok thank you very much for that information
 
  


Reply

Tags
squidproxy


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy authentication and without authentication reaven Linux - Server 1 06-06-2011 07:52 AM
Using Active directory Authentication of parent non-squid cache to child squid cache espiya7 Linux - Server 0 05-05-2009 09:04 AM
LDAP authentication for squid squid 2.6.STABLE16 release 2.fc8 farrukhndm Linux - Security 2 04-03-2008 02:57 AM
Linux Authentication Question devxtech Linux - Networking 1 08-11-2006 08:18 PM
Squid authentication gubak Linux - Networking 10 08-13-2004 09:31 AM


All times are GMT -5. The time now is 11:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration