squid, super antispyware, and iptables

Argh…what a day. Well, I did some poking around in squid’s access.log to find out how Super Antispyware downloaded its updates. It turns out it’s very simple, based on eight queries (I’m not 100% sure of the order or frequency, and I don’t guess it matters). The first 4 queries are:

The next four queries are just like the first, only sas_processlist.php becomes sas_processlistrelated.php, and GETPROCESSLISTZIP becomes GETPROCESSLISTRELATEDZIP. I guess this is a different set of definitions. Maybe one is adware and the other is spyware or something like that.

Anyway, I used the following rule. I tried several combinations, and this seemed to be the only one that would keep the program from getting squid to force a fresh download (note, this should be 1 line):

refresh_pattern updates.superantispyware.com/sas_processlist.* 1440 100% 4320 ignore-reload override-lastmod override-expire

This will make it download a fresh copy no more often than once per day, but no less often than 3 days (if I understand refresh_pattern correctly).
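One way to confirm from access.log that the rule is holding, as an added example that is not from the original post: it tallies Squid result codes for the update URLs and flags TCP_CLIENT_REFRESH_MISS, the code Squid logs when a client's reload request bypasses the cache. The log lines, addresses and PLACEHOLDER query strings are constructed, and Squid's native log format is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1262304000.100    850 192.168.1.20 TCP_MISS/200 48213 GET http://updates.superantispyware.com/sas_processlist.php?PLACEHOLDER - DIRECT/203.0.113.10 application/zip
1262307600.200      4 192.168.1.21 TCP_HIT/200 48220 GET http://updates.superantispyware.com/sas_processlist.php?PLACEHOLDER - NONE/- application/zip
1262311200.300    790 192.168.1.22 TCP_CLIENT_REFRESH_MISS/200 48213 GET http://updates.superantispyware.com/sas_processlistrelated.php?PLACEHOLDER - DIRECT/203.0.113.10 application/zip
1262314800.400      3 192.168.1.23 TCP_MEM_HIT/200 48220 GET http://updates.superantispyware.com/sas_processlistrelated.php?PLACEHOLDER - NONE/- application/zip
1262318400.500    120 192.168.1.20 TCP_MISS/200 1024 GET http://example.com/index.html - DIRECT/198.51.100.7 text/html
"""

# Same expression as the refresh_pattern rule, with the literal dots escaped.
TARGET = re.compile(r"updates\.superantispyware\.com/sas_processlist.*")


def summarize(log_text):
    """Count Squid result codes for requests whose URL matches TARGET."""
    codes = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:  # skip blank or truncated lines
            continue
        code = fields[3].split("/")[0]  # "TCP_HIT/200" -> "TCP_HIT"
        if TARGET.search(fields[6]):
            codes[code] += 1
    return codes


def forced_reloads(codes):
    """Requests where a client reload made Squid refetch the object."""
    return codes.get("TCP_CLIENT_REFRESH_MISS", 0)


def hit_ratio(codes):
    """Fraction of matching requests answered from the cache."""
    total = sum(codes.values())
    hits = sum(n for code, n in codes.items() if "HIT" in code)
    return hits / total if total else 0.0


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(dict(result), forced_reloads(result), hit_ratio(result))
```

With ignore-reload in effect, the forced-reload count for these URLs should stay at zero on a real log; a non-zero count means clients are still pushing requests past the cache.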

All that worked out.  I ran into trouble when I was trying to figure out why the proxy server itself didn’t download stuff through squid.  It’s no big deal, really, but I wondered why my iptables rules weren’t working.  I tried some stuff that didn’t work, but when I changed it back squid didn’t work at all!  I spent a lot of time troubleshooting, and I think it turned out that the network connection on my workstation just needed to be reset.  I was going nuts trying to figure out how it used to work, but stopped.  Everything is back the way it was now, but I still don’t know what’s wrong with my iptables rules.
