Ok, Thank you very much for taking your time and answer my questions On Tue, Feb 9, 2010 at 6:40 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Joe P.H. Chiang wrote: >> >> What i meant is; >> >> This way when ddos attack occurs.. and the attacker is requesting >> something that doesn't exist on my squid servers and backend servers >> >> my server in the backend doesn't have to respond to it, squid will >> blocked the request and give a timeout interval for 30 seconds. >> >> so it goes like this >> Squid is accepting the request for no-existing file >> --> Squid doesn't have such file >> -----> Squid Pass the request to backend servers >> -------> backend server says I don't have it neither >> ---------> Squid say okay next time such request will be timeout for 30 >> seconds >> >> Possible? are there such config? >> > > Not in the way you seems to be asking for. > > You can send an Expires: header with the 404 error reply message. > That should make Squid do the not asking again part. During that period > Squid will send back its own stored copy of the 404 to the visitor, without > contacting the web server. > Any well-behaved proxies between you and the attacker will also be > protected and help lift the load on your Squid. Sadly there are a lot of > admin out there who set ignore-expires for things. > > Just be aware that any real attacker will disobey the HTTP header > instructions anyway, and some badly configured proxies will as well. > > >> >> >> On Tue, Feb 9, 2010 at 12:26 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> >> wrote: >>> >>> Joe P.H. Chiang wrote: >>>> >>>> Hi All Im New to squid.. >>>> >>>> I've scanned through squid 2.6 & 3.0 Manual and Definitive guide, but >>>> i still can't find information about this question.. >>>> >>>> Is it possible to have a request_timeout when the request file doesn't >>>> exist on the squid cache and peer server? >>>> e.g if client requestionwww.example.com/dontexist.html and then >>>> receives 404 http >>>> then the client will have to wait until request_timeout 30 seconds to >>>> able to request >>>> www.example.com/dontexist.html again >>>> could this be done? is there such setting/configuration? >>> >>> This is a "wetware" problem. You need to teach all your users to press >>> the >>> refresh button at exactly 30 seconds after any failure. >>> >>> >>> Seriously though, not the way you describe. You can't prevent people >>> being >>> "able" to make requests. You can only change the result if they do one >>> you >>> don't like. >>> >>> What exactly are you trying to accomplish? > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 > Current Beta Squid 3.1.0.16 > -- Thanks, Joe
