[squid-users] Question about access log write speed and a possible DOS-attack (client-side)

From: Peter Smith <peter.smith@dont-contact.us>
Date: Tue, 10 Oct 2006 10:30:32 -0500

Recently I had two of our four Squid [1] proxy servers die. What
appears to have happened is a user was making requests to the proxy so
quickly, that it died with the following message.

FATAL: logfileWrite: /var/log/squid/access.log: (11) Resource
temporarily unavailable
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.

I'm thinking that if a client is able to, possibly, overload Squid's
main disks (or whatever drives the access log is being written to), it
may just simply shutdown. Am I correct? At the moment Squid shutdown,
it looks like this client was making many requests, very fast. So my
question is, is there a finite point at which there are too many
requests/sec for Squid to log and thus cause Squid to die? And finally,
how can you keep this from happening? Perhaps there needs to be a
feedback loop between the logging mechanism and the polling
interface--so that Squid will be held in check by its logging speed?

Thanks,
Peter Smith

[1] Squid Cache (Version 2.5.STABLE12)
Received on Tue Oct 10 2006 - 09:30:40 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST