Logging 请解释Squid access.log的这几行:
事情是“205.185.216.42”目前在我们的黑名单中,所以这行日志会触发IP。我不知道怎么读:Logging 请解释Squid access.log的这几行:,logging,squid,Logging,Squid,事情是“205.185.216.42”目前在我们的黑名单中,所以这行日志会触发IP。我不知道怎么读: 1239879844.243 2129 192.168.0.1 TCP_MISS/403 337 HEAD http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b5faeacb-5da7-4c5a-8ebb-5c419d82781f? - HIER_DIRECT/205.185.216.42 1239879844.
1239879844.243 2129 192.168.0.1 TCP_MISS/403 337 HEAD http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b5faeacb-5da7-4c5a-8ebb-5c419d82781f? - HIER_DIRECT/205.185.216.42
1239879844.243 2729 192.168.0.2 TCP_TUNNEL/200 106460 CONNECT hwcdnssl.cedexis-test.com:443 - HIER_DIRECT/205.185.216.42 -
1239879844.243 1578 192.168.0.3 TCP_MISS/200 1317 GET http://apps.identrust.com/roots/dstrootcax3.p7c - HIER_DIRECT/192.35.177.64 application/x-pkcs7-mime
1239879844.243 1581 192.168.0.4 TCP_TUNNEL/200 87268 CONNECT script.hotjar.com:443 - HIER_DIRECT/205.185.216.42 -
请帮助您可能正在阻止
205.185.216.42ssl\u bumphttpsTCP_隧道/200TCP_MISS/403403hwcdn.net$ host script.hotjar.com
script.hotjar.com is an alias for cds.x9r8d8c9.hwcdn.net.
cds.x9r8d8c9.hwcdn.net has address 205.185.216.10
cds.x9r8d8c9.hwcdn.net has address 205.185.216.42
$ host hwcdnssl.cedexis-test.com
hwcdnssl.cedexis-test.com is an alias for cds.x9n3c7e4.hwcdn.net.
cds.x9n3c7e4.hwcdn.net has address 205.185.216.42
$ host tlu.dl.delivery.mp.microsoft.com
tlu.dl.delivery.mp.microsoft.com is an alias for 2-01-3cf7-000d.cdx.cedexis.net.
2-01-3cf7-000d.cdx.cedexis.net is an alias for cds.f7y3z2w8.hwcdn.net.
cds.f7y3z2w8.hwcdn.net has address 205.185.216.10
cds.f7y3z2w8.hwcdn.net has address 205.185.216.42
cds.x9n3c7e4.hwcdn.net has address 205.185.216.10
js要深入挖掘,您需要从客户端捕获一些流量并检查有效负载,但在开始挖掘太多之前一定要检查恶意软件/病毒/等,因为这可能会节省您一些时间!这为我清除了所有内容,谢谢!实际上,我们刚刚将此205.185.216.42添加到mikrotik路由器的阻止列表中。我仍然看到用户试图从那里获取smth,但现在每个请求都被阻止。我还没有调查他们的电脑是否存在恶意软件,但很快就会调查。p.s.是tlu.dl.delivery.mp.microsoft.com实际上是microsoft的一部分?Re
tlu.dl.delivery.mp.microsoft.com2-01-3cf7-000d.cdx.cedexis.net