Re: [PATCH] client_max_connections -- Hard-limit client connections at a global level

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Thu, 2 Jul 2009 17:48:49 -0400 (EDT)

Alex Rousskov has voted tweak.
Status is now: Conditionally approved
Comment:
Consider s/client_max_connections/client_ip_max_connections/, to
emphasize that this control is working using client IP addresses and not
some other definition of a "client".

I would remove the word "inbound" in .pre documentation. Its meaning
depends on whether the proxy is forward or reverse. The "from client" is
sufficient.

Zero should be a valid maximum rather than an undocumented "no limit"
value, I guess. Might even be borderline practical in certain cases to
temporary reconfigure Squid so that it does not accept new requests.

Should we warn at configuration time if client_db is not enabled?

I would be more specific than "negative effect" in the WARNING.

Should we log a warning when the limit is exceeded for the first (or
Nth) time to give admins some sense that this is working,
misconfiguired, and/or that they are under attack? N would need to be at
least 10,000 and maybe 100,000.

For details, see:
http://bundlebuggy.aaronbentley.com/project/squid/request/%3C4A461626.8000505%40treenet.co.nz%3E
Project: Squid
Received on Thu Jul 02 2009 - 21:48:53 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 03 2009 - 12:00:03 MDT