[squid-users] Code Red

From: Talent Internet <info@dont-contact.us>
Date: Mon, 13 Aug 2001 15:03:41 +1000

Another one!

I am running a transparent Squid 2.3STABLE5 (waiting for a few more
stables before I go for 2.4) and have been having issues with it and
the code red viurs. I have read items 17627, 8 & 9 and it sounds
like:

* putting in a urlpath_regex to exclude default.ida? will stop Code
Red V1
* Code Red V2 will not be stopped by the above regex because Code Red
V2 sends illegal characters and headers

Is this correct?

One of my bosses contracted the virus and it was sending about 8000
requests per 5 minutes according to MRTG. This didn't stop Squid from
working altogether as did V1 of Code Red but it did grind the server
down to a fraction of its normal speed.

If it isn't possible to block on a regex, & Code Red II can adversely
affect the operation of Squid, then the natural conclusion is that
people running Squid transparently have a problem - is that correct?

Is there something else we can do?

Cheers to all
Marc Lucke
Received on Sun Aug 12 2001 - 23:02:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:35 MST