Re: [squid-users] strange requests

From: krv <[email protected]>
Date: Thu, 29 Apr 2004 16:29:16 +0530

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "krv" <krv@kaevee.com>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, April 29, 2004 3:37 PM
Subject: Re: [squid-users] strange requests

> On Thu, 29 Apr 2004, krv wrote:
>
> > I am planning to block the port 80 for these clients in our multilayer
> > switch instead of transparently redirecting them to cache and force them
> > to configure the proxy manually.
> >
> > Any other solutions for this problem?
>
> Automatic firewalling on the proxy when a client is found to use very many
> connections. This can be done by a combination of maxconn acl and
> external_acl_type.
>
> Needs a moderate amount of scripting to make the external_acl_type helper
> wich firewalls the client, but not much.
>
>
>
> acl very_many_connections maxconn 50
> external_acl_type firewall_client %SRC /path/to/helper
> acl firewall_client external firewall_client
>
> http_access deny very_many_connections firewall_client
>
>
>
> You can also have a small program monitoring access.log and automatically
> firewalling clients causing very many TCP_MISS/000 entries.. this is
> probably simpler and more reliable, but requires a little more scripting
> (but still only a moderate amount). Perl using the File::Tail module is
> recommended for the job.
>
> I am happy to write one for you for a reasonable deposition to my paypal
> account if you do not feel prepared to write such scripts yourself.
>

Thanks for the offer to help. I am trying to monitor the attacks using
netflow exports. I will get back to you soon.

Venkatesh K
Received on Thu Apr 29 2004 - 04:58:32 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT