On Mon, 23 Nov 2009 10:40:57 -0500, Mike Marchywka <marchywka@xxxxxxxxxxx> wrote:
> ----------------------------------------
>> Date: Mon, 23 Nov 2009 16:32:29 +0100
>> From: haazeloud@xxxxxxxxx
>> To: marchywka@xxxxxxxxxxx
>> CC: squid-users@xxxxxxxxxxxxxxx
>> Subject: Re: Squid3 reverse proxy & Failed to select source strange errors
>>
>> Hi Mike,
>>
>> Mike Marchywka wrote:
>>> [snip]
>>>> Normal website attacks.
>>>>
>>>> One of the benefits of using Squid is to prevent these resource wasters
>>>> getting near the backend processors. "Failed to select source" is good
>>>> news.
>>>>
>>>> You might also want to occasionally scan the access.log to see if any
>>>> foreign requests do get through (2xx or 3xx status). If any do, you have
>>>> a problem, otherwise everything is fine.
>>>>
>>>
>>> I think we had ours up for maybe 1 day before it was discovered.
>>> We just added our own headers for authentication. Not sure this
>>> is always an option but if you can restrict by IP or UA or something
>>> that may be the easiest thing to do.
>>>
>> Sure, this could be great, but this will not help us I think.
>> We're using squid as a reverse proxy, so anyone can tell squid: "please
>> give me this static content or this image". I can't see how I can
>> restrict this. :)
>>
>
> I haven't given this much thought but if you are just storing things
> that go with other content from your server, what about cookies? If you
> only want to serve resources needed for your own pages, then set
> some kind of cookie or other header like referer and use that for a squid
> validation. If the req doesn't have the page specific header don't return
> anything.

No need for special stuff here. This is what Squid _already_ does (and is doing).
See my other answers to the thread.

Amos
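
The access.log check suggested in the quoted advice above (looking for foreign requests answered with a 2xx or 3xx status), as an added example that is not part of the thread. It assumes Squid's native access.log format and a hypothetical set of served hostnames (`OUR_HOSTS`); the log lines are constructed.

```python
"""Flag foreign requests that a Squid reverse proxy answered with 2xx/3xx."""
from urllib.parse import urlsplit

# Assumption: hostnames this reverse proxy is meant to serve (hypothetical).
OUR_HOSTS = {"www.example.com", "static.example.com"}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1258990857.101     12 203.0.113.7 TCP_HIT/200 5120 GET http://www.example.com/img/logo.png - NONE/- image/png
1258990858.202      0 198.51.100.9 TCP_MISS/503 1420 GET http://other.example.net/ - NONE/- text/html
1258990859.303    250 198.51.100.9 TCP_MISS/200 9001 GET http://other.example.net/index.html - FIRST_UP_PARENT/backend text/html
1258990860.404      1 192.0.2.44 TCP_DENIED/403 1300 CONNECT mail.example.org:25 - NONE/- text/html
1258990861.505     90 192.0.2.44 TCP_MISS/302 450 GET http://STATIC.example.com:80/old - FIRST_UP_PARENT/backend text/html
malformed line
"""

def request_host(method, url):
    """Return the lowercase host a request targeted, or None if unparseable."""
    if method == "CONNECT":              # CONNECT is logged as host:port
        return url.rsplit(":", 1)[0].lower() or None
    try:
        return urlsplit(url).hostname    # lowercased, port stripped
    except ValueError:                   # e.g. broken IPv6 literal
        return None

def foreign_successes(lines, our_hosts=OUR_HOSTS):
    """Yield (client, status, method, url) for foreign requests with 2xx/3xx."""
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or "/" not in fields[3]:
            continue                     # truncated or non-native line
        client, result, method, url = fields[2], fields[3], fields[5], fields[6]
        status = result.rsplit("/", 1)[1]
        if not status.isdigit() or not 200 <= int(status) < 400:
            continue                     # only responses that "got through"
        if request_host(method, url) not in our_hosts:
            yield client, int(status), method, url   # unparseable hosts too

def scan(text=SAMPLE_LOG):
    """Return all foreign 2xx/3xx hits found in the given log text."""
    return list(foreign_successes(text.splitlines()))

if __name__ == "__main__":
    for hit in scan():
        print("FOREIGN request served:", *hit)
```

Requests for foreign hosts that end in 4xx or 5xx are ignored on purpose, since those are the rejections the thread describes as harmless.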