Re: [squid-users] None Existing File; Repeating Request Timeout

From: Joe P.H. Chiang <jo3chiang_at_gmail.com>
Date: Wed, 10 Feb 2010 02:59:28 +0800

Ok, Thank you very much for taking your time and answer my questions

On Tue, Feb 9, 2010 at 6:40 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Joe P.H. Chiang wrote:
>>
>> What i meant is;
>>
>> This way when ddos attack occurs.. and the attacker is requesting
>> something that doesn't exist on my squid servers and backend servers
>>
>> my server in the backend doesn't have to respond to it, squid will
>> blocked the request and give a timeout interval for 30 seconds.
>>
>> so it goes like this
>> Squid is accepting the request for no-existing file
>> --> Squid doesn't have such file
>> -----> Squid Pass the request to backend servers
>> -------> backend server says I don't have it neither
>> ---------> Squid say okay next time such request will be timeout for 30
>> seconds
>>
>> Possible? are there such config?
>>
>
> Not in the way you seems to be asking for.
>
> You can send an Expires: header with the 404 error reply message.
> That should make Squid do the not asking again part. During that period
> Squid will send back its own stored copy of the 404 to the visitor, without
> contacting the web server.
> �Any well-behaved proxies between you and the attacker will also be
> protected and help lift the load on your Squid. Sadly there are a lot of
> admin out there who set ignore-expires for things.
>
> Just be aware that any real attacker will disobey the HTTP header
> instructions anyway, and some badly configured proxies will as well.
>
>
>>
>>
>> On Tue, Feb 9, 2010 at 12:26 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>>
>>> Joe P.H. Chiang wrote:
>>>>
>>>> Hi All Im New to squid..
>>>>
>>>> I've scanned through squid 2.6 & 3.0 Manual and Definitive guide, but
>>>> i still can't find information about this question..
>>>>
>>>> Is it possible to have a request_timeout when the request file doesn't
>>>> exist on the squid cache and peer server?
>>>> e.g if client requestionwww.example.com/dontexist.html and then
>>>> receives 404 http
>>>> then the client will have to wait until request_timeout 30 seconds to
>>>> able to request
>>>> www.example.com/dontexist.html again
>>>> could this be done? is there such setting/configuration?
>>>
>>> This is a "wetware" problem. You need to teach all your users to press
>>> the
>>> refresh button at exactly 30 seconds after any failure.
>>>
>>>
>>> Seriously though, not the way you describe. You can't prevent people
>>> being
>>> "able" to make requests. You can only change the result if they do one
>>> you
>>> don't like.
>>>
>>> What exactly are you trying to accomplish?
>
>
> Amos
> --
> Please be using
> �Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
> �Current Beta Squid 3.1.0.16
>

-- 
Thanks,
Joe
Received on Tue Feb 09 2010 - 18:59:37 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 10 2010 - 12:00:05 MST