Re: [squid-users] How do I DOS-proof my cache

From: David Young <[email protected]>
Date: Thu, 17 Apr 2008 15:19:54 +1200

Hi Amos,

Unfortunately the maxconn ACL is not suitable in our circumstance,
since we service several clients who are behind NAT'd IPs.. so there
may be as many as 50 real browsers behind a single IP.. the
collapsedforwarding option looks interesting, I'll keep an eye on
that, thanks :)

- David

On 17/04/2008, at 2:39 PM, Amos Jeffries wrote:
>
> The 'maxconn' ACL is available in all squid to protect against this
> type
> of client.
>
> The collapsed forwarding feature of 2.x designed to cope with wider
> DDoS
> still needs someone with time to port it into 3.x.
> http://wiki.squid-cache.org/Features/CollapsedForwarding
>
> Amos
Received on Tue Apr 22 2008 - 15:35:05 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT