On a squid based proxy server I have started to get a lot of these
types of requests showing in the access logs.
Can you explain them to me
Also why would an external IP address be asking for another external
IP address. None of these addresses are related to our network.

68.61.79.152 TCP_MISS/999 1495 GET
http://l17.login.dcn.yahoo.com/config/login? - DIRECT/216.109.127.48
text/html

Do a search of your log file for the text "prxjdg.cgi". This cgi file
is used to gauge the effectiveness of your proxy server in hiding the
origination IP address or other identifing information. If you get a
number of hits in your log file then people have posted your proxy as
a possible open proxy and others are attempting to use it.

Youre absolutely right.

thankyou for the comment

2 ways to get them to stop.

1. Require authentication
2. Install a content blocker

The reason the first works is obvious. the reason the second works is
that a good portion of the abusers are hiding their source because
they are hacking into a pay site, usually a porn site. The content
blocker will make this useless for that group and you will be marked
off a number of the lists as well as marked as restricted on others.
Many will not bother with a restricted proxy.

its very simple. whenever you are on a public IP, you are vulnerable
from the attacks of other people. Eating resources of others is also
concidered as an act of DOS Attack. People usually scan around
internet for open proxies, i think so you are running squid on default
port 3128 or 80.

You can do two things to stop this.

1. Change the port in squid.conf to some else (rather than 3128 or 80)
and subsequently change the iptables rules to redirect for transparent
proxing (if you are using then else not needed).

2. Add an ACL into the squid.conf and allow only your Network to
access squid (no matter if its on default port). By this way all other
third party users will be rejected by the squid, and your resources
(bandwitdh/cpu time) will not be roughly used.

Note that changing port will help in other points too. If somehow your
squid is old and have security bugs in it, changing default port will
help at a start level to protect your proxy system to become
compromised.


hope this help, if you need ACL or how to change port , reply back.
I'll put it through.


regards,
s.ahmad

I am new to Google answers and appreciate both your comments.
My newbie status means I have no idea how to split/divide the answer fee.
I feel the question has been appropriately answered so if you could direct me ....

thanks

realy i dont know how to do that either :)

regards