I just filed a new bug and wondered if anyone here had seen a similar
problem or had any suggestions about how to track down the possible
memory leak.
* http://bugs.squid-cache.org/show_bug.cgi?id=2973
There seems to be quite a bad memory leak in the way Squid handles HTTP
requests which do not contain a path. For example, one of our customers' Squid
servers, deployed in transparent mode, is receiving many thousands of such
requests, presumably some sort of DoS attack on the named web server.
{{{
GET HTTP/1.1
Host: aferist.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6b1 (de) (TL-FF) (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: Keep-Alive
}}}
Squid logs these as TCP_DENIED/400:
{{{
1278006100.745 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
}}}
When the attack starts, we observe a rapid increase in the Squid resident
memory size until eventually Squid crashes.
-RichardW.
Received on Fri Jul 02 2010 - 10:57:45 MDT
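
The log signature quoted in the message above (TCP_DENIED/400 with the URL logged as NONE://) can be counted per client and time window to spot the onset of such a flood before memory runs out. This is an added example, not part of the original post or of Squid itself; the 60-second window, the threshold of 3, and every sample line except the first are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format. The first line is
# the one quoted in the post; the remaining lines are made up for illustration.
SAMPLE_LOG = """\
1278006100.745 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
1278006100.801 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
1278006101.120 35 10.0.0.7 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1278006101.312 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
1278006175.004 0 10.0.0.9 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
truncated line
"""


def parse_line(line):
    """Return (timestamp, client, result, url), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10:          # native format has 10 whitespace-separated fields
        return None
    try:
        ts = float(fields[0])     # UNIX time with millisecond fraction
    except ValueError:
        return None
    return ts, fields[2], fields[3], fields[6]


def pathless_400_bursts(lines, window=60, threshold=3):
    """Count TCP_DENIED/400 entries whose URL is NONE:// per (window start, client).

    Returns only the buckets whose count reaches the threshold.
    window and threshold are illustrative defaults, not tuned values.
    """
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip truncated or corrupt log lines
        ts, client, result, url = parsed
        if result == "TCP_DENIED/400" and url == "NONE://":
            counts[(int(ts // window) * window, client)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    bursts = pathless_400_bursts(SAMPLE_LOG.splitlines())
    for (start, client), n in sorted(bursts.items()):
        print(f"{client}: {n} pathless 400s in the window starting at {start}")
```

Correlating the flagged windows with the process's resident memory size shows whether growth tracks these requests specifically.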