Re: [SQU] Could squid cause download flood?

Please, look my ACL:

acl all src 0.0.0.0/0.0.0.0
acl atinet1 src 200.231.29.0/255.255.255.0
acl atinet2 src 200.246.59.0/255.255.255.192
acl atinet3 src 200.246.59.64/255.255.255.192

acl ntserver1 src 200.231.29.2/255.255.255.255
acl ntserver2 src 200.231.29.4/255.255.255.255
acl linuxgw src 200.206.45.5/255.255.255.255
acl snmppublic snmp_community public
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
# icp_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to allow
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow atinet1
http_access allow atinet2
http_access allow atinet3
http_access allow linuxgw
http_access deny all

# TAG: icp_access
# Reply to all ICP queries we receive
#
icp_access allow atinet1
icp_access allow atinet2
icp_access allow atinet3
icp_access allow linuxgw
icp_access deny all

# TAG: miss_access
# Use to force your neighbors to use you as a sibling instead of
# a parent. For example:
#
# acl localclients src 172.16.0.0/16
# miss_access allow localclients
# miss_access deny !localclients
#
# This means that only your local clients are allowed to fetch
# MISSES and all other clients can only fetch HITS.
#
# By default, allow all clients who passed the http_access rules
# to fetch MISSES from us.
miss_access allow atinet1
miss_access allow atinet2
miss_access allow atinet3
miss_access allow linuxgw
miss_access deny all

Is something wrong?

Thank you

Edinilson

------------------------------------------
ATINET-Afiliado UOL de Atibaia
Rua Francisco R. Santos, 54 sala 3
ATIBAIA/SP Cep: 12940-000
Tel: (0xx11) 4412-0876
http://www.atinet.com.br
----- Original Message -----
From: "Lary Holland" <lholland@fli-online.com>
To: "Edinilson J. Santos" <edinilson@atinet.com.br>
Sent: Monday, October 23, 2000 1:13 PM
Subject: RE: [SQU] Could squid cause download flood?

Is it conceivable that you may all be receiving requests from other proxies
and clients because of acl's not correctly being implemented?

I ask this because our network receives scans every hour looking for the
same old stuff, one of those is wide-open proxy.

Lary Holland
President/CEO
"Building High-Perf networks one city at a time."
-------------------------
http://www.fli-online.com
http://www.planet-isp.net
-------------------------

-----Original Message-----
From: Edinilson J. Santos [mailto:edinilson@atinet.com.br]
Sent: Monday, October 23, 2000 5:30 AM
To: squid-users@ircache.net
Subject: Re: [SQU] Could squid cause download flood?

I'm having a similar problem, but with Squid 2.3 Stable 4
Look at my mrtg graphics, http://www.atinet.com.br/mrtg/public

When the link reach 100%, only few clients are acessing but squid was
consuming the bandwidth.

thanks

Edinilson

------------------------------------------
ATINET-Afiliado UOL de Atibaia
Rua Francisco R. Santos, 54 sala 3
ATIBAIA/SP Cep: 12940-000
Tel: (0xx11) 4412-0876
http://www.atinet.com.br

----- Original Message -----
From: "Li Ni" <liny@nets.com.cn>
To: <squid-users@ircache.net>
Sent: Monday, October 23, 2000 3:50 AM
Subject: [SQU] Could squid cause download flood?

Hello every one.
I'm sorry for my poor English, but I've met a serious problem, and need some
comments from here.

I am a newbie, but I became a network administrator.
I am using squid as www proxy of my company.
The squid run very well when it's version is 2.2.STABLE1 which is shipped
with Redhat 6.0.
In August, I replace squid from 2.2.STABLE1 to 2.3.STABLE3 which support
'myport' option.

On August 24, I notice this kind of log
"WARNING: Disk space over limit: 409611 KB > 409600 KB" in cache.log.
So I download squid-2.3.stable3-storeExpiredReferenceAge.patch, and patch
the source. After complie, I start squid again, it seem to be all right
until 24 hour passed.

On August 25, about 2:30pm, download flood began, the router which can
monitor the net using show that there are many of web request and response
data flow from and into my proxy server, I'm sure there are not any other
service in the proxy server that can be used to access web except squid. On
5:35pm, cache.log got this
"2000/08/25 17:35:22| WARNING! Your cache is running out of filedescriptors"
until
"2000/08/26 08:10:26| WARNING! Your cache is running out of
filedescriptors".
There are 1024 filedescriptor in my linux system.

The download flood last 5 days, it totally cost 60G WWW data(counted by
router). After I restart the squid, the flood disapear, and never come
again.

I am not kept the raw access.log file, only kept the week reports that
generated by sqmgrlog weekly. From the reports the totally access data are
far less than 60G only about 10G.

Where the other so many data come from?
Did many of concurrent connections cause squid error?
Or sqmgrlog didn't analyse log file correctly?

I do not know why this happen.

You can get my cache.log from http://202.118.2.101:8080/cache.log
and my squid.conf from http://202.118.2.101:8080/squid.conf
and see my reports of august from
http://202.118.2.101:8080/squid-reports-weekly/

All help will be appreciated.

-Li Ni

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html