On Thu, 29 Apr 2004, krv wrote:
> I am planning to block the port 80 for these clients in our multilayer
> switch instead of transparently redirecting them to cache and force them
> to configure the proxy manually.
>
> Any other solutions for this problem?

Automatic firewalling on the proxy when a client is found to use very many
connections. This can be done by a combination of maxconn acl and
external_acl_type.

Needs a moderate amount of scripting to make the external_acl_type helper
which firewalls the client, but not much.

    acl very_many_connections maxconn 50
    external_acl_type firewall_client %SRC /path/to/helper
    acl firewall_client external firewall_client
    http_access deny very_many_connections firewall_client

You can also have a small program monitoring access.log and automatically
firewalling clients causing very many TCP_MISS/000 entries. This is
probably simpler and more reliable, but requires a little more scripting
(but still only a moderate amount). Perl using the File::Tail module is
recommended for the job.

I am happy to write one for you for a reasonable deposition to my paypal
account if you do not feel prepared to write such scripts yourself.

Regards
Henrik

Received on Thu Apr 29 2004 - 04:08:04 MDT
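
The access.log monitor suggested in the reply above, sketched in Python as an added example; it is not Henrik's code and does not use the Perl File::Tail module he recommends. The 60-second window, the threshold of 50, proxy port 3128, the iptables rule and the sample log lines are all assumptions or constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class MissMonitor:
    """Flag clients logging too many TCP_MISS/000 entries inside a sliding window."""

    def __init__(self, window=60.0, threshold=50):  # assumed values, tune per site
        self.window, self.threshold = window, threshold
        self.events = defaultdict(deque)   # client IP -> timestamps of recent hits
        self.blocked = set()

    def feed(self, line):
        """Process one access.log line; return the client IP when it first crosses the threshold."""
        fields = line.split()
        if len(fields) < 4 or fields[3] != "TCP_MISS/000":
            return None
        try:
            ts = float(fields[0])
            client = str(ipaddress.ip_address(fields[2]))  # reject anything that is not an IP
        except ValueError:
            return None
        hits = self.events[client]
        hits.append(ts)
        while hits[0] <= ts - self.window:   # drop entries older than the window
            hits.popleft()
        if len(hits) >= self.threshold and client not in self.blocked:
            self.blocked.add(client)
            return client
        return None

def block_command(client, proxy_port=3128):
    """Build the firewall command as an argv list (no shell), for the caller to run."""
    return ["iptables", "-I", "INPUT", "-s", client, "-p", "tcp",
            "--dport", str(proxy_port), "-j", "DROP"]

def constructed_log(base=1083233284.0):
    """Constructed sample: one noisy client, one slow client, one normal request, one bad line."""
    lines = [f"{base + i * 0.5:.3f} 0 192.0.2.10 TCP_MISS/000 0 GET http://example.com/{i} - NONE/- -"
             for i in range(60)]
    lines += [f"{base + i * 2:.3f} 0 192.0.2.20 TCP_MISS/000 0 GET http://example.com/{i} - NONE/- -"
              for i in range(60)]
    lines.append(f"{base:.3f} 120 192.0.2.30 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/198.51.100.7 text/html")
    lines.append("truncated line")
    return lines

def offenders(lines):
    monitor = MissMonitor()
    return [ip for ip in map(monitor.feed, lines) if ip]

if __name__ == "__main__":
    for ip in offenders(constructed_log()):
        print(" ".join(block_command(ip)))
```

The client field is parsed as an IP address before it reaches the firewall command, so a malformed or hostile log line cannot inject arguments; in a deployment the lines would come from following access.log rather than from a list.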