> 891037287.992 122613 206.136.25.197 TCP_MISS/504 995 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
> 891037288.002 122502 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
> 891037288.002 122489 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/~jbarta/idiot/idiot.html - DIRECT/127.0.0.1 -
>
> (this repeats a few thousand times until I go kill -9 squid and ipnat
> -F.)

I don't think setting up your firewall to discard traffic to/from 127.0.0.1 is
going to help fix this, as it looks like a perfectly valid URL for 127.0.0.1 is
being requested by the client via a perfectly valid HTTP session.

Try using ACLs to deny any requests for 127.0.0.1 - which should prevent Squid
from trying to request a file from itself.

Perhaps:

    acl LOOPBACK dst 127.0.0.0/255.0.0.0
    http_access deny LOOPBACK

A Squid DoS attack! Sounds like a patch is needed. Let's fix this before
somebody tells bugtraq... :)

--
John Hardin KA7OHZ  jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
1 day until Daylight Savings Time begins

Received on Sat Apr 04 1998 - 09:36:33 MST
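
Added example, not part of the original message and not Squid code: a Python check over native-format access.log lines that separates client requests for a loopback URL from the proxy's requests to itself, the pattern in the quoted log. The sample lines are constructed, and the field layout is assumed to match the quoted entries.

```python
import ipaddress
from urllib.parse import urlsplit

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # range covered by the ACL above

# Constructed sample in Squid's native access.log layout, modelled on the
# quoted lines; addresses, paths and timings are made up.
SAMPLE_LOG = """\
891037287.992 122613 192.0.2.10 TCP_MISS/504 995 GET http://127.0.0.1/a/page.html - DIRECT/127.0.0.1 -
891037288.002 122502 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/a/page.html - DIRECT/127.0.0.1 -
891037288.002 122489 127.0.0.1 TCP_MISS/504 241 GET http://127.0.0.1/a/page.html - DIRECT/127.0.0.1 -
891037290.100 310 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
891037291.500 12 192.0.2.12 TCP_MISS/200 300 GET http://localhost:8080/x - DIRECT/127.0.0.1 text/html
"""

def is_loopback(host):
    """True for a literal address inside 127.0.0.0/8; names are not resolved."""
    try:
        return ipaddress.ip_address(host) in LOOPBACK
    except ValueError:
        return False

def parse_line(line):
    """Pull client, URL host and contacted peer out of one native-format line."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    # CONNECT requests log "host:port" with no scheme
    host = urlsplit(f[6]).hostname if "://" in f[6] else f[6].rpartition(":")[0]
    return {"client": f[2], "host": host or "", "peer": f[8].partition("/")[2]}

def classify(log_text):
    """Count loopback-bound requests by origin: outside client vs. the proxy itself."""
    counts = {"from_client": 0, "self_loop": 0, "other": 0}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        to_loopback = is_loopback(rec["host"]) or is_loopback(rec["peer"])
        if not to_loopback:
            counts["other"] += 1
        elif is_loopback(rec["client"]):
            counts["self_loop"] += 1    # proxy fetching from itself
        else:
            counts["from_client"] += 1  # client asked the proxy for a loopback URL
    return counts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A non-zero `self_loop` count means the proxy is already serving its own requests; `from_client` counts the requests a loopback deny rule is meant to stop.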