Re: [squid-users] Massive problems with https connections to Domino Server (long) -partly solution

From: Rainer Traut <>
Date: Thu, 12 Feb 2004 11:02:38 +0100

thanks to both of you, Henrik and vda(?),
for being so patient with me. ;) wrote:

>>- you can block other programs like icq.
>>Only way of really blocking things like icq I can think of is
>>by changing dns resolution for these hosts. simply done on the proxy
>>server and not for the whole network.
> Doable with iptables (block by port#)
Not that easy...
You can configure icq to use nearly any port connecting to
their login servers, and ICQ will try them all out for you... ;)
So if you have any open port through your firewall chance is big
that icq works.

> What can you do against someone plugging into your intranet
> a preconfigured laptop which will NOT ask novell about anything
> before going direct?
That's right, sure.
But we usually do not allow anyone or any ip address to go directly.
In this case here we allowed this to test with and without proxy.

Ok, here is what we did so that we cannot reproduce the error anymore.
The images of our application are loaded by javascript and switched from
visible to invisible and back again.
But there seemed to be a mistake so that every image was requested again
and again by the browser though it should not.
Just the navigator part had about 50 imgaes loaded on every click.
We reduced this dramatically so that i cannot reproduce this behaviour
anymore. I know this does not exlain why i could DOS the server but it
works now... Only explanation I have is traffic caused by the client was
simply too high?!

Received on Thu Feb 12 2004 - 03:03:05 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST