I just filed a new bug and wondered if anyone here had seen a similar problem or had any suggestions about how to track down the possible memory leak. * http://bugs.squid-cache.org/show_bug.cgi?id=2973 There seems to be quite a bad memory leak in the way Squid handles HTTP requests which do not contain a path. For example, one of our customers Squid servers, deployed in transparent mode, is receiving many thousands of such requests, presumably some sort of DOS attack on the named web server. {{{ GET HTTP/1.1 Host: aferist.su User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6b1 (de) (TL-FF) (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: Keep-Alive }}} Squid logs these as TCP_DENIED/400 {{{ 1278006100.745 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html }}} When the attack starts, we observe a rapid increase in the Squid resident memory size until eventually Squid crashes. -RichardW.
