2008/6/17, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>: > Other applications are abusing the CONNECT method to do the same thing. > meant to be used for SSL, but is in reality being used a lot more for > other traffic such as FTP, IRC, Peer-To-Peer and god knows what.. > Regards > Henrik YES!!! Use lot of traffic is one thing. Abuse is another thing. Some download softwares (and sites) legally mutually break a big file in to million of 100-200 bytes files and try to parallelly send all those million chunks through proxy. My squid just moans "NO FILE DESCRIPTORS" for over a month, eventhough it's the only app running on Linux Box with no limit. I know we have MaxConn. But seem those intelligent (?!!?) s/w still able to slip pass through. They forces squid to open/close/open/close thousands of connection per sec ... As each "file" size is less than 200 bytes .. squid doesn't catch it. Delay_pool let it pass through too. Heh, could anyone suggest me whether we can limit client's tcp connection rate? -- ... Lyrics of the Forest ...
