Search squid archive

Squid ACLs and limiting connections by IP address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Had a little incident here where a possible fork or dos attack may have
been launched from an internal device so I want to limit the number of
connections per IP address to 100.  Essentially, CPU and memory
utilization went to 100% at about 11PM when pretty much no one's around
and very few offsite connections.  Oom-killer killed squid - general
crash and burn stuff after that. Logs were pretty useless as CPU at 100%
pretty much prevented logging.

Anyway, just want to make sure I have my conf right so here's what I've
come up with:

acl our_networks src 10.0.0.0/8
acl numconn maxconn 100
http_access deny our_networks numconn
http_access allow our_networks
http_access deny all

Is this right?  Couldn't find a good clean example in the archives and
I'm a little dense sometimes when reading directions.

Also, getting as "big brotherish" as possible, if maxconn is reached by
an IP, is there any way to generate an email with the IP in it?
Thanks,
Dave


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux