Re: [squid-users] Prevent client spamming

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 30 Apr 2012 11:55:13 +1200

On 30.04.2012 02:25, Jose-Marcio Martins da Cruz wrote:
> squid squid wrote:
>>
>> Hi,
>>
>> I have a server running Squid 2.7 stable 15 and facing client
>> spamming. The problem happen when a client press and hold on to the F5
>> button on the PC and this will generate few hundred of requests to the
>> my squid proxy.
>>
>> Please advise how can I prevent or drop the client traffic when the
>> above happen.
>
> F5 = refresh ?
>
> Maybe you should begin understanding what's happening and the kind of
> requests being done.

What actual Squid version you are using? Squid 2.7 series is only up to
point-release "2.7.STABLE9". There is not nor likely to ever be a
"2.7.STABLE15".

This sounds more like a DoS attack or an infinite retry loop than a
client sending spam emails through your proxy, or even using a browser
refresh button.

  * Have you tried it yourself? Which browser permits a DoS attack to be
performed by one user with a simple button press?

  * Why was the user needing refresh in the first place? (are you
violating HTTP by force-caching things that should not be cached?)

  * What is your log actually displaying?

  * are you certain its one user and not many? what is your knowledge
based on (same TCP connection is not sufficient).

All these questions need to be known before we can give real help.

Amos
Received on Sun Apr 29 2012 - 23:55:18 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 30 2012 - 12:00:04 MDT