hmm.. this bug could be the reason for the situation I described in
http://www.mail-archive.com/squid-users@squid-cache.org/msg73257.html
On Fri, Jul 2, 2010 at 1:57 PM, Richard Wall <richard_at_the-moon.net> wrote:
> I just filed a new bug and wondered if anyone here had seen a similar
> problem or had any suggestions about how to track down the possible
> memory leak.
>
> �* http://bugs.squid-cache.org/show_bug.cgi?id=2973
>
> There seems to be quite a bad memory leak in the way Squid handles HTTP
> requests which do not contain a path. For example, one of our customers Squid
> servers, deployed in transparent mode, is receiving many thousands of such
> requests, presumably some sort of DOS attack on the named web server.
>
> {{{
> GET �HTTP/1.1
> Host: aferist.su
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2)
> Gecko/20100115 Firefox/3.6b1 (de) (TL-FF) (.NET CLR 3.5.30729)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: Keep-Alive
> }}}
>
> Squid logs these as TCP_DENIED/400
> {{{
> 1278006100.745 � � �0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
> }}}
>
> When the attack starts, we observe a rapid increase in the Squid resident
> memory size until eventually Squid crashes.
>
> -RichardW.
>
Received on Sun Jul 11 2010 - 17:41:36 MDT
This archive was generated by hypermail 2.2.0 : Mon Jul 12 2010 - 12:00:04 MDT