Search squid archive
How do I DOS-proof my cache
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: How do I DOS-proof my cache
- From: David Young <david@xxxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2008 12:07:21 +1200
Hey Squid users :)
We had a problem recently where a user with a misconfigured download
accelerator was able to bring our proxy to its knees, downloading an
80MB driver about 100 times in parallel. We temporarily solved the
problem by stopping the download accelerator, but this makes me aware
of how vulnerable our proxy is to heavy DOS-type attacks.
I've read a bit about the partial object caching expected in 3.1,
range_offset, and half-closed clients. Can anybody share some ideas
for making a squid cache more resilient to this kind of abuse / attack?
Thanks!
- David
[Index of Archives]
[Linux Audio Users]
[Samba]
[Big List of Linux Books]
[Linux USB]
[Yosemite News]