[squid-users] Re: ACL to protect squid box

From: Adam Aube <aaube01@dont-contact.us>
Date: Fri, 04 Jun 2004 21:48:24 -0400

Tom Frankus wrote:

> No, This is not for windowsupdates. its a request from infected systems
> only. This request never fulfill. It send thousand requests on my squid
> box and my squid box got dead. Its not a valid URL.
>
> I have blocked this URL, and user can still update their windows.
>
> How can we block these kinds of invalid URLs.

You can make a url_regex pattern that matchres the acl types, but Squid will
still have to process the requests.

I would suggest using Swatch to watch your access.log. Any attempt to access
one of these garbage URLs would trigger an IPTables rule blocking that IP
address. Then when users complain, explain why they are being blocked and
tell them to fix their machines.

Adam
Received on Fri Jun 04 2004 - 19:46:43 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT