Re: [squid-users] dos attack - How to handle

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Wed, 10 Aug 2005 11:06:01 +0200

lokesh.khanna@accelonafrica.com wrote:

>Hi
>
>I am running squid 2-5-10 on red hat 2.4.21-4.ELsmp with 1 Gb memory.
>Before compiling squid I set the ulimit value to 32000. I also set the ulimit
>-HSn 32000 command in my squid startup script.
>I noticed that if anybody launches a DoS attack on my network from the internal
>network, squid stops responding to other internal users also.
>
What does cache.log say?

> What is the
>solution for this?
>
I think the best solution for these attacks will be at the network layer.

> One user should not be able to use whole resources.
>Is there any way to control this?
>I read squid document for maxconn parameter. I set maxconn to 2 for
>testing purpose and I made more than 2 connections ( checked through
>netstat -tn ) from my browsers but squid was still replying me. What
>could be the reason of this?
>
>
Are you sure that acl is correct?

acl example maxconn 2
http_access deny example

It should work.

Thanks
Emilio C.
Received on Wed Aug 10 2005 - 03:04:18 MDT
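
The `netstat -tn` check mentioned in the thread can be scripted to list which clients hold more connections to the proxy than the `maxconn` value. This is an added example, not part of the original messages; the port 3128, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: per-client count of ESTABLISHED connections to the proxy
# port, taken from `netstat -tn` text. Port 3128 is an assumption (adjust to
# your http_port); the limit of 2 mirrors the "maxconn 2" ACL in the thread.

# over_limit PORT LIMIT -- reads `netstat -tn` output on stdin and prints
# "<client-ip> <count>" for every client with more than LIMIT connections.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Field 4 is the local address, field 5 the foreign (client) one.
            n = split($4, l, ":")
            if (l[n] != port) next        # not a connection to the proxy listener
            m = split($5, f, ":")
            # Rebuild the client IP without its trailing :port
            # (also copes with forms such as ::ffff:192.168.1.50:40112).
            ip = f[1]; for (i = 2; i < m; i++) ip = ip ":" f[i]
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }
    ' | sort
}

# Constructed sample in the Linux `netstat -tn` layout (addresses are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:3128        192.168.1.50:40112      ESTABLISHED
tcp        0      0 192.168.1.1:3128        192.168.1.50:40113      ESTABLISHED
tcp        0      0 192.168.1.1:3128        192.168.1.50:40114      ESTABLISHED
tcp        0      0 192.168.1.1:3128        192.168.1.51:51000      ESTABLISHED
tcp        0      0 192.168.1.1:3128        192.168.1.51:51001      TIME_WAIT
tcp        0      0 192.168.1.1:22          192.168.1.50:40200      ESTABLISHED
tcp        0      0 192.168.1.1:51822       203.0.113.10:80         ESTABLISHED
EOF
}

# Only 192.168.1.50 exceeds the limit; TIME_WAIT, SSH and outbound rows are ignored.
sample_netstat | over_limit 3128 2
```

On a live proxy host, pipe the real output instead: `netstat -tn | over_limit 3128 2`.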
