Re: [squid-users] strange requests

From: Hilal Afridi <afridi@dont-contact.us>
Date: Thu, 29 Apr 2004 19:54:33 +0500

Henrik, that automatic firewalling will be a problem when you have a small IP
pool like I do; however, I am about to try this maxconn acl.
I didn't get a denial of service or enhanced CPU usage. I got uplink choking
whenever I come across such requests; I haven't really been able to make a
connection.
Hilal
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "krv" <krv@kaevee.com>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, April 29, 2004 3:07 PM
Subject: Re: [squid-users] strange requests

> On Thu, 29 Apr 2004, krv wrote:
>
> > I am planning to block the port 80 for these clients in our multilayer
> > switch instead of transparently redirecting them to cache and force them
> > to configure the proxy manually.
> >
> > Any other solutions for this problem?
>
> Automatic firewalling on the proxy when a client is found to use very many
> connections. This can be done by a combination of maxconn acl and
> external_acl_type.
>
> Needs a moderate amount of scripting to make the external_acl_type helper
> which firewalls the client, but not much.
>
>
>
> acl very_many_connections maxconn 50
> external_acl_type firewall_client %SRC /path/to/helper
> acl firewall_client external firewall_client
>
> http_access deny very_many_connections firewall_client
>
>
>
> You can also have a small program monitoring access.log and automatically
> firewalling clients causing very many TCP_MISS/000 entries. This is
> probably simpler and more reliable, but requires a little more scripting
> (but still only a moderate amount). Perl using the File::Tail module is
> recommended for the job.
>
> I am happy to write one for you for a reasonable deposition to my paypal
> account if you do not feel prepared to write such scripts yourself.
>
> Regards
> Henrik
>
>
>
Received on Thu Apr 29 2004 - 08:54:48 MDT
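
The access.log monitoring approach mentioned in the quoted reply, sketched as an added example (not code from either poster or from the Squid project). It assumes Squid's native access.log format; the window, threshold, sample log lines and the iptables rule are constructed assumptions to adapt locally.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Squid native access.log: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+(\S+)/(\d{3})\s")

WINDOW_SECONDS = 60   # assumed sliding window
THRESHOLD = 5         # assumed number of TCP_MISS/000 entries inside the window


def find_offenders(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return clients, in order, that reach `threshold` TCP_MISS/000
    entries within `window` seconds."""
    recent = defaultdict(deque)  # client -> timestamps of recent TCP_MISS/000
    offenders = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ts, client = float(m.group(1)), m.group(2)
        if (m.group(3), m.group(4)) != ("TCP_MISS", "000"):
            continue
        hits = recent[client]
        hits.append(ts)
        while ts - hits[0] > window:  # drop entries older than the window
            hits.popleft()
        if len(hits) >= threshold and client not in offenders:
            offenders.append(client)
    return offenders


def block_command(client):
    """Build the firewall command as an argv list (never a shell string).
    The iptables rule is an assumed choice; log input is validated first."""
    addr = ipaddress.ip_address(client)  # raises ValueError on non-IP text
    return ["iptables", "-I", "INPUT", "-s", str(addr), "-j", "DROP"]


# Constructed sample input: one noisy client, one slow client, one normal hit.
TAIL = "GET http://example.com/ - DIRECT/198.51.100.7 -"
SAMPLE = (
    [f"{1083250400 + i}.000    900 192.0.2.10 TCP_MISS/000 0 {TAIL}" for i in range(6)]
    + [f"{1083250400 + 90 * i}.000    120 192.0.2.20 TCP_MISS/000 0 {TAIL}" for i in range(6)]
    + [f"1083250405.000     80 192.0.2.30 TCP_MISS/200 512 {TAIL}"]
)

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE):
        print(" ".join(block_command(ip)))
```

With a small address pool, as raised in the reply above, the threshold and window need to be set so that several users sharing one address do not trip the rule.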

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT