Search squid archive

Re: Reverse - Apache - Syn Flood

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hi all,
>
> I want to setup Squid reverse proxy for my apache servers. But.. Can
> Squid protect my apache servers from Syn flood and Bot-Net attack ? or
> Squid drop this connection, when apache is the syn_recv ? or Squid
> Reverse be enough to this as resource ? or Can it be resource problem?
>
> thanks everybody..
>
> --
> Mehmet CELIK
> Istanbul/TURKEY
>

Squid simply acts as a speed buffer between the web and the Apache.

Yes it protects the apache by taking the full brunt of the attacks away.
If the flood is big enough to take down Squid, the website is still
offline. Since everything has to go through squid, that is equivalent to
taking out the Apache itself.

What squid does in these situations is raise the maximum level at which
such attack has any effect. Say your Apache can handle 500 req/sec and
Squid 8000 req/sec. The attacker has to bust more than 8000 req/sec to
kill the site instead of only 500.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux