lokesh.khanna@accelonafrica.com wrote:
>Hi
>
>I am running squid 2-5-10 on red hat 2.4.21-4.ELsmp with 1 Gb memory.
>Before compiling squid I set ulimt value to 32000. I also set ulimit
>-HSn 32000 command in my squid startup script.
>I noticed if anybody launch dos attack on my network from internal
>network, squid stop responding to other internal users also.
>
What does cache.log say?
> What is the
>solution for this.
>
I think the best solution for these attacks will be at layer network.
> One user should not be able to use whole resources.
>Is there any way to control this?
>I read squid document for maxconn parameter. I set maxconn to 2 for
>testing purpose and I made more than 2 connections ( checked through
>netstat -tn ) from my browsers but squid was still replying me. What
>could be the reason of this?
>
>
Are you sure that acl is correct?
acl example maxconn 2
http_access deny example
it should be work.
Thanks
Emilio C.
Received on Wed Aug 10 2005 - 03:04:18 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT