[squid-users] Squid HIT analysis, worm DoS mitigation, and general config tweaking

From: Paul Seaman <paul@dont-contact.us>
Date: Wed, 25 Feb 2004 00:31:42 -0600

New to the list. I'm sorry if this stuff is covered in a list FAQ somewhere
that I'm unable to find. I have 3 main questions about the wonderful squid

1. I want to analyze my squid logs graphically in terms of TCP_HIT,
and other codes from the logs. I'm sure there's something out there to do
it already that I'm just not aware of.

2. Also, we've been feeling the brunt of all the new Welchia variants that
port 80 attacks through random, high-frequency portscanning, which saps our
squid caches of file descriptors. From doing some previous list reading, I
have set half_closed_connections to off, as well as client_persistent
connections to off. I didn't turn server_persistent to off, because, well,
it sounds important. Am I being a pansy for not doing this? I'm also
curious how these settings help the file descriptor problem, as they sound
like they adjust network connection behaviour as opposed to anything that
impacts file descriptors. Can anyone shed light on how this works? Also,
would there be any reason a service provider with many diversely screwed-up
operating systems and corresponding screwed-up browsers would not want to
muck with these Squid settings?

3. Why is the squid cache so slow when I use diskd? What guidelines do all
of you use for large caches (>20GB) in terms of directory structure, memory
options, and diskd/no diskd, ufs/no ufs?


Received on Tue Feb 24 2004 - 23:33:03 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST