Re: [squid-users] code red is making horrible on our network

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Thu, 9 Aug 2001 17:46:10 -0600 (MDT)

On Thu, 9 Aug 2001, Luiz Lima wrote:

> I really need a way to tell Squid to NOT process the requests
> before it takes resources away from valid ones.

I do not think you can solve the problem by modifying Squid. If I get
you right, you are under a distributed denial of service attack
(essentially) originated from your own customers. Squid cannot handle
a DoS attack very well because it sits too high in the processing
stack.

The correct solution is to block worm URLs before they reach Squid or
any other L7 application. Unfortunately, you need to be at L7 to block
based on URLs! Thus, there is no solution to the problem. Welcome to
the world of DDoS.

You can hack your way out by auto-parsing Squid access log,
auto-extracting IP addresses of affected customers, and auto-building
a "block" or, better, "do-not-redirect-to-Squid" IP list for your
router...

$0.02,

Alex.
Received on Thu Aug 09 2001 - 17:46:21 MDT
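
The log-driven block list described in the message above, as an added example that is not part of the original post or of Squid itself: it reads Squid's native access.log format, matches the Code Red `/default.ida?NNNN...` / `XXXX...` request pattern, and returns the client IPs that crossed a hit threshold. The threshold, the minimum padding length in the pattern, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Code Red probes request /default.ida with a long run of N (v1) or X (II)
# padding in the query string. The minimum run of 16 is an assumption.
WORM_URL = re.compile(r"/default\.ida\?[NX]{16,}", re.IGNORECASE)


def _line(client, url):
    """Build one constructed line in Squid's native access.log layout:
    time elapsed client action/code size method URL ident hierarchy type"""
    return (f"997400770.101 12 {client} TCP_MISS/404 512 GET {url} "
            "- DIRECT/192.0.2.10 text/html")


# Constructed sample input (not real traffic).
SAMPLE_LOG = (
    [_line("10.1.1.5", f"http://192.0.2.{i}/default.ida?{'N' * 224}%u9090")
     for i in range(1, 5)]                                  # 4 worm hits
    + [_line("10.1.1.8", f"http://192.0.2.{i}/default.ida?{'X' * 224}%u9090")
       for i in range(1, 4)]                                # 3 worm hits
    + [_line("10.1.1.9", "http://192.0.2.1/default.ida?" + "N" * 224)]  # 1 hit
    + [_line("10.1.1.7", "http://www.example.com/index.html")]  # normal use
    + ["truncated line"]                                    # malformed entry
)


def infected_clients(lines, threshold=3):
    """Return client IPs that sent at least `threshold` worm requests."""
    hits = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue                      # skip truncated or malformed lines
        client, url = fields[2], fields[6]
        if not WORM_URL.search(url):
            continue
        try:
            # Log content is untrusted: only a well-formed address may be
            # passed on to whatever generates the router list.
            client = str(ipaddress.ip_address(client))
        except ValueError:
            continue
        hits[client] += 1
    return sorted(ip for ip, count in hits.items() if count >= threshold)


if __name__ == "__main__":
    for ip in infected_clients(SAMPLE_LOG):
        print(ip)
```

The returned list is router-agnostic; turning it into a "block" or "do-not-redirect-to-Squid" list depends on the router in use.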
