RE: [squid-users] Squid3 reverse proxy & Failed to select source strange errors

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 24 Nov 2009 12:15:56 +1300

On Mon, 23 Nov 2009 10:40:57 -0500, Mike Marchywka <marchywka_at_hotmail.com>
wrote:
> ----------------------------------------
>> Date: Mon, 23 Nov 2009 16:32:29 +0100
>> From: haazeloud_at_gmail.com
>> To: marchywka_at_hotmail.com
>> CC: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Squid3 reverse proxy & Failed to select
>> source strange errors
>>
>> Hi Mike,
>>
>> Mike Marchywka wrote:
>>> [snip]
>>>> Normal website attacks.
>>>>
>>>> One of the benefits of using Squid is to prevent these resource wasters
>>>> getting near the backend processors. "Failed to select source" is good
>>>> news.
>>>>
>>>> You might also want to occasionally scan the access.log to see if any
>>>> foreign requests do get through (2xx or 3xx status). If any do you have
>>>> a problem, otherwise everything is fine.
>>>>
>>>
>>> I think we had ours up for maybe 1 day before it was discovered.
>>> We just added our own headers for authentication. Not sure this
>>> is always an option but if you can restrict by IP or UA or something
>>> that may be the easiest thing to do.
>>>
>> Sure, this could be great, but this will not help us I think.
>> We're using squid as a reverse proxy, so anyone can tell squid: "please
>> give me this static content or this image". I can't see how I can
>> restrict this. :)
>>
>
> I haven't given this much thought but if you are just storing things
> that go with other content from your server, what about cookies? If you
> only want to serve resources needed for your own pages, then set
> some kind of cookie or other header like referer and use that for a squid
> validation. If the req doesn't have the page specific header don't return
> anything.

No need for special stuff here. This is what Squid _already_ does (and is
doing).
See my other answers to the thread.

Amos
Received on Mon Nov 23 2009 - 23:16:03 MST
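
Added example, not part of the original thread or of Squid itself: one way to run the access.log scan suggested in the quoted advice above, flagging requests for foreign hosts that were answered with a 2xx or 3xx status. It assumes Squid's default native log layout; the OUR_SITES hostnames, the function names and the sample log lines are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the hostnames this reverse proxy is meant to serve (placeholders).
OUR_SITES = {"www.example.com", "static.example.com"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1258990801.101     12 198.51.100.23 TCP_DENIED/403 1420 GET http://foreign.example.net/ - NONE/- text/html
1258990802.337     45 203.0.113.7 TCP_MISS/200 5120 GET http://www.example.com/img/logo.png - FIRST_UP_PARENT/backend image/png
1258990803.560    230 198.51.100.23 TCP_MISS/200 9001 GET http://foreign.example.net/probe.php - DIRECT/192.0.2.80 text/html
1258990804.002      3 198.51.100.99 TCP_MISS/503 1650 GET http://other.example.org/ - NONE/- text/html
1258990805.410     80 198.51.100.99 TCP_MISS/302 410 GET http://other.example.org/login - DIRECT/192.0.2.81 text/html
1258990806.000    900 198.51.100.50 TCP_MISS/200 350 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -
"""


def request_host(method, url):
    """Lower-cased host the client asked for (CONNECT logs host:port, no scheme)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def foreign_hits(lines, our_sites=OUR_SITES):
    """Return (client, status, method, url) for foreign requests answered 2xx/3xx."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or "/" not in fields[3]:
            continue  # blank, truncated or custom-format line
        status = fields[3].rsplit("/", 1)[1]
        client, method, url = fields[2], fields[5], fields[6]
        # An empty host (URL without one) is reported too, as not provably ours.
        if status[:1] in ("2", "3") and request_host(method, url) not in our_sites:
            hits.append((client, status, method, url))
    return hits


if __name__ == "__main__":
    for hit in foreign_hits(SAMPLE_LOG.splitlines()):
        print("foreign request served:", *hit)
```

An empty result matches the "everything is fine" case in the quoted advice; any row returned is a foreign request that was served and needs a look at the ACLs.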

This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 12:00:04 MST