Hi I am able to set maximum connection as 2 in squid. And squid gives me error "Access Denied" also when I send multiple request to squid. My questions are 1. Is squid checking how many concurrent http get request it is getting and based on that it will allow and reject. 2. If one pc try to send more http request squid will give error message " Access denied" . Will squid not open FD in this case? Will I be able to control DOS attack using this feature? 3. If I put a /24 subnet address and allow 5 connections. Does it mean any single IP address which belong to that subnet can send 5 concurrent http get requests. So whole subnet should be able to send 254 * 5 concurrent get request. Cordially, Lokesh -----Original Message----- From: lokesh.khanna@xxxxxxxxxxxxxxxxx [mailto:lokesh.khanna@xxxxxxxxxxxxxxxxx] Sent: Wednesday, August 10, 2005 10:14 AM To: ecasbas@xxxxxxx Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: dos attack - How to handle Hi There is no error in Cache.log. I don't get any file descriptor message in cache.log My configuration was acl losers src 192.168.1.0/24 acl 2CONN maxconn 5 http_access deny 2CONN losers My laptop ip address was 192.168.1.2 Thanks- Lokesh -----Original Message----- From: Emilio Casbas [mailto:ecasbas@xxxxxxx] Sent: Wednesday, August 10, 2005 10:06 AM To: Lokesh Khanna Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: dos attack - How to handle lokesh.khanna@xxxxxxxxxxxxxxxxx wrote: >Hi > >I am running squid 2-5-10 on red hat 2.4.21-4.ELsmp with 1 Gb memory. >Before compiling squid I set ulimt value to 32000. I also set ulimit >-HSn 32000 command in my squid startup script. >I noticed if anybody launch dos attack on my network from internal >network, squid stop responding to other internal users also. > What does cache.log say? > What is the >solution for this. > I think the best solution for these attacks will be at layer network. > One user should not be able to use whole resources. >Is there any way to control this? >I read squid document for maxconn parameter. I set maxconn to 2 for >testing purpose and I made more than 2 connections ( checked through >netstat -tn ) from my browsers but squid was still replying me. What >could be the reason of this? > > Are you sure that acl is correct? acl example maxconn 2 http_access deny example it should be work. Thanks Emilio C. Disclaimer ************************************************************************ **************************************************** The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com ************************************************************************ ****************************************************** Disclaimer **************************************************************************************************************************** The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com ******************************************************************************************************************************