Hi Amos,
Unfortunately the maxconn ACL is not suitable in our circumstance,
since we service several clients who are behind NAT'd IPs.. so there
may be as many as 50 real browsers behind a single IP.. the
collapsedforwarding option looks interesting, I'll keep an eye on
that, thanks :)
- David
On 17/04/2008, at 2:39 PM, Amos Jeffries wrote:
The 'maxconn' ACL is available in all squid to protect against this
type
of client.
The collapsed forwarding feature of 2.x designed to cope with wider
DDoS
still needs someone with time to port it into 3.x.
http://wiki.squid-cache.org/Features/CollapsedForwarding
Amos
