Joe P.H. Chiang wrote:
What i meant is;
This way when ddos attack occurs.. and the attacker is requesting
something that doesn't exist on my squid servers and backend servers
my server in the backend doesn't have to respond to it, squid will
blocked the request and give a timeout interval for 30 seconds.
so it goes like this
Squid is accepting the request for no-existing file
--> Squid doesn't have such file
-----> Squid Pass the request to backend servers
-------> backend server says I don't have it neither
---------> Squid say okay next time such request will be timeout for 30 seconds
Possible? are there such config?
Not in the way you seems to be asking for.
You can send an Expires: header with the 404 error reply message.
That should make Squid do the not asking again part. During that period
Squid will send back its own stored copy of the 404 to the visitor,
without contacting the web server.
Any well-behaved proxies between you and the attacker will also be
protected and help lift the load on your Squid. Sadly there are a lot of
admin out there who set ignore-expires for things.
Just be aware that any real attacker will disobey the HTTP header
instructions anyway, and some badly configured proxies will as well.
On Tue, Feb 9, 2010 at 12:26 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Joe P.H. Chiang wrote:
Hi All Im New to squid..
I've scanned through squid 2.6 & 3.0 Manual and Definitive guide, but
i still can't find information about this question..
Is it possible to have a request_timeout when the request file doesn't
exist on the squid cache and peer server?
e.g if client requestionwww.example.com/dontexist.html and then
receives 404 http
then the client will have to wait until request_timeout 30 seconds to
able to request
www.example.com/dontexist.html again
could this be done? is there such setting/configuration?
This is a "wetware" problem. You need to teach all your users to press the
refresh button at exactly 30 seconds after any failure.
Seriously though, not the way you describe. You can't prevent people being
"able" to make requests. You can only change the result if they do one you
don't like.
What exactly are you trying to accomplish?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
Current Beta Squid 3.1.0.16
