I am using Squid 2.5Stable7 on Red Hat Linux 7.3. For the past few days I have been getting these types of requests in my Squid log file.
NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:07 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:12 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:13 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:17 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:18 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:19 +0545] "POST http://192.168.119.128/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
- - [20/Feb/2005:16:46:21 +0545] "POST http://192.168.119.129/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
- - [20/Feb/2005:16:46:22 +0545] "POST http://192.168.119.130/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
- - [20/Feb/2005:16:46:23 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:24 +0545] "POST http://192.168.119.131/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
- - [20/Feb/2005:16:46:24 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
- - [20/Feb/2005:16:46:26 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
----------------------------------------------------------------
These types of requests are consuming my upload bandwidth. It looks like a client computer is infected by a worm or virus which is trying to scan IIS servers. How can I block these requests from passing my proxy server in the firewall, so that my uplink bandwidth will be saved? Is there any way of blocking scans to remote vulnerable IIS ports from bypassing my proxy server?
Please help me. It's consuming much of my upload traffic.
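A triage sketch for the log pattern quoted above, added here as an example and not part of the original post: it parses lines in the same httpd-style Squid log layout, tallies the `request-too-large` rejections and `fp30reg.dll` POSTs per client, and flags any client that probed several distinct hosts. The client addresses in the sample are constructed (the lines in the post omit that field), and the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout shown in the post. The leading client
# address (10.0.0.5, 10.0.0.9) is an assumption: the posted lines omit it.
SAMPLE = """\
10.0.0.5 - - [20/Feb/2005:16:46:17 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
10.0.0.5 - - [20/Feb/2005:16:46:19 +0545] "POST http://192.168.119.128/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
10.0.0.5 - - [20/Feb/2005:16:46:21 +0545] "POST http://192.168.119.129/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
10.0.0.5 - - [20/Feb/2005:16:46:22 +0545] "POST http://192.168.119.130/_vti_bin/_vti_aut/fp30reg.dll HTTP/0.0" 501 1466 TCP_DENIED:NONE
10.0.0.5 - - [20/Feb/2005:16:46:23 +0545] "NONE error:request-too-large HTTP/0.0" 413 1641 NONE:NONE
10.0.0.9 - - [20/Feb/2005:16:46:25 +0545] "GET http://example.com/ HTTP/1.0" 200 512 TCP_MISS:DIRECT
"""

# client ident user [timestamp] "METHOD URL HTTP/x.y" status bytes RESULT:HIERARCHY
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<result>\S+)$')

PROBE_PATH = "/_vti_bin/_vti_aut/fp30reg.dll"

def summarize(log_text):
    """Per-client counts of oversized requests and fp30reg.dll probes."""
    stats = defaultdict(lambda: {"oversized": 0, "fp30reg": 0, "targets": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip wrapped or truncated lines instead of guessing
        entry = stats[m["client"]]
        if m["status"] == "413" and m["url"] == "error:request-too-large":
            entry["oversized"] += 1
        elif m["url"].lower().endswith(PROBE_PATH):
            entry["fp30reg"] += 1
            host = re.match(r"\w+://([^/:]+)", m["url"])
            if host:
                entry["targets"].add(host.group(1))
    return stats

def suspects(log_text, min_targets=3):
    """Clients that sent fp30reg.dll POSTs to at least min_targets hosts."""
    return sorted(client for client, s in summarize(log_text).items()
                  if len(s["targets"]) >= min_targets)

if __name__ == "__main__":
    for client in suspects(SAMPLE):
        print(client, dict(summarize(SAMPLE)[client]))
```
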