[squid-users] Squid ACLs and limiting connections by IP address

From: Dave Rhodes <DaveRhodes@dont-contact.us>
Date: Tue, 20 Feb 2007 13:54:37 -0500

Had a little incident here where a possible fork or dos attack may have
been launched from an internal device so I want to limit the number of
connections per IP address to 100. Essentially, CPU and memory
utilization went to 100% at about 11PM when pretty much no one's around
and very few offsite connections. Oom-killer killed squid - general
crash and burn stuff after that. Logs were pretty useless as CPU at 100%
pretty much prevented logging.

Anyway, just want to make sure I have my conf right so here's what I've
come up with:

acl our_networks src 10.0.0.0/8
acl numconn maxconn 100
http_access deny our_networks numconn
http_access allow our_networks
http_access deny all

Is this right? Couldn't find a good clean example in the archives and
I'm a little dense sometimes when reading directions.

Also, getting as "big brotherish" as possible, if maxconn is reached by
an IP, is there any way to generate an email with the IP in it?
Thanks,
Dave
Received on Tue Feb 20 2007 - 11:54:49 MST
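On the second question (getting an e-mail with the offending IP), Squid itself has no hook for that, but every request refused by an http_access deny rule, including the maxconn one above, is written to access.log, so a small watcher over that log can do it. The script below is an added example, not part of the original post and not Squid code. It assumes Squid's native access.log format (timestamp, elapsed, client IP, code/status, ...), that denied requests appear as TCP_DENIED/403, and it treats every TCP_DENIED as a candidate, so if other deny rules exist you would want to filter further. The log lines, threshold, window and addresses are constructed for the example.

```python
"""Watch Squid's access.log for clients that trip a deny rule (as the maxconn
ACL would) and build an alert e-mail naming the client IP.

Added example, not from the original post or from Squid. Assumptions:
 - Squid writes the native access.log format
   (timestamp elapsed client code/status bytes method url user hier type).
 - A request refused by http_access (maxconn included) is logged as
   TCP_DENIED/403; every TCP_DENIED is treated as a candidate here.
 - Thresholds, addresses and the sample lines are constructed.
"""
from collections import defaultdict
from email.message import EmailMessage
import smtplib

# Constructed sample lines in Squid native format (not real traffic).
SAMPLE_LOG = """\
1172000001.101     0 10.1.2.3 TCP_DENIED/403 1554 GET http://example.com/ - HIER_NONE/- text/html
1172000001.102     0 10.1.2.3 TCP_DENIED/403 1554 GET http://example.com/a - HIER_NONE/- text/html
1172000001.150    12 10.1.2.9 TCP_MISS/200 3120 GET http://example.com/b - HIER_DIRECT/93.184.216.34 text/html
1172000001.200     0 10.1.2.3 TCP_DENIED/403 1554 GET http://example.com/c - HIER_NONE/- text/html
1172000002.000     0 10.1.2.7 TCP_DENIED/403 1554 GET http://example.com/d - HIER_NONE/- text/html
this line is garbage and must be skipped
"""


def parse_line(line):
    """Return (timestamp, client_ip, result_code), or None for an unreadable line."""
    fields = line.split()
    if len(fields) < 4:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    code = fields[3].split("/", 1)[0]  # "TCP_DENIED/403" -> "TCP_DENIED"
    return ts, fields[2], code


def denied_clients(log_text, threshold, window_seconds):
    """Map client IP -> denial count for IPs with more than `threshold`
    TCP_DENIED entries inside the last `window_seconds` of the log."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    if not events:
        return {}
    newest = max(ts for ts, _, _ in events)
    counts = defaultdict(int)
    for ts, ip, code in events:
        if code == "TCP_DENIED" and newest - ts <= window_seconds:
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n > threshold}


def build_alert(offenders, sender, recipient):
    """Build (but do not send) the e-mail the poster asked for."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Squid: %d client(s) hitting connection-limit denials" % len(offenders)
    body = ["Clients denied by Squid (possible maxconn trips):", ""]
    for ip, n in sorted(offenders.items(), key=lambda kv: -kv[1]):
        body.append("  %-15s %d denied requests" % (ip, n))
    msg.set_content("\n".join(body))
    return msg


def send_alert(msg, smtp_host="localhost"):
    """Hand the message to a local MTA; kept separate so the rest runs offline."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Run over the constructed sample: 10.1.2.3 has 3 denials within 60s.
    offenders = denied_clients(SAMPLE_LOG, threshold=2, window_seconds=60)
    if offenders:
        print(build_alert(offenders, "squid@proxy.example", "admins@example").as_string())
```

In practice you would feed the tail of the real access.log to denied_clients on a cron or tail loop and call send_alert when it returns anything; keep the threshold well below the maxconn value so you hear about a client before it has been denied hundreds of times. Note that a denial counter only fires after the limit is already hit, so it is a notification, not a prevention, and it depends on Squid still being able to log, which the poster noted failed at 100% CPU.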