hmm.. this bug could be the reason for the situation I described in
http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg73257.html

On Fri, Jul 2, 2010 at 1:57 PM, Richard Wall <richard@xxxxxxxxxxxx> wrote:
> I just filed a new bug and wondered if anyone here had seen a similar
> problem or had any suggestions about how to track down the possible
> memory leak.
>
> * http://bugs.squid-cache.org/show_bug.cgi?id=2973
>
> There seems to be quite a bad memory leak in the way Squid handles HTTP
> requests which do not contain a path. For example, one of our customers Squid
> servers, deployed in transparent mode, is receiving many thousands of such
> requests, presumably some sort of DOS attack on the named web server.
>
> {{{
> GET HTTP/1.1
> Host: aferist.su
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2)
> Gecko/20100115 Firefox/3.6b1 (de) (TL-FF) (.NET CLR 3.5.30729)
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: Keep-Alive
> }}}
>
> Squid logs these as TCP_DENIED/400
> {{{
> 1278006100.745 0 1.2.3.4 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html
> }}}
>
> When the attack starts, we observe a rapid increase in the Squid resident
> memory size until eventually Squid crashes.
>
> -RichardW.
>
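
An added example, not part of either message above and not Squid project code: a Python sketch that counts access.log entries of the kind quoted (TCP_DENIED/400 with URL NONE://) per client in a sliding window, so an operator can see when a burst of path-less requests starts. It assumes Squid's native log format in time order; the window, threshold, function names and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def is_pathless_denial(fields):
    """Match the quoted entry: status TCP_DENIED/400 with URL NONE://."""
    return (len(fields) >= 7 and fields[3] == "TCP_DENIED/400"
            and fields[6] == "NONE://")

def flag_bursts(lines, window=10.0, threshold=5):
    """Return {client: peak count} for clients with at least `threshold`
    such entries inside any `window` seconds. Expects time-ordered lines.
    window and threshold are assumed values, not taken from the thread."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peaks = {}
    for line in lines:
        fields = line.split()
        if not is_pathless_denial(fields):
            continue
        try:
            ts = float(fields[0])
        except ValueError:
            continue  # not a native-format timestamp; skip the line
        client = fields[2]
        seen = recent[client]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            peaks[client] = max(peaks.get(client, 0), len(seen))
    return peaks

# Constructed sample log (documentation addresses), not data from the thread.
SAMPLE_LOG = [
    f"1278006100.{i}45      0 192.0.2.10 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html"
    for i in range(6)
] + [
    "1278006101.100    120 192.0.2.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.80 text/html",
    "1278006101.300      0 192.0.2.30 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html",
    "1278006190.300      0 192.0.2.30 TCP_DENIED/400 870 GET NONE:// - NONE/- text/html",
]

if __name__ == "__main__":
    for client, count in flag_bursts(SAMPLE_LOG).items():
        print(f"{client}: {count} pathless 400 denials within 10s")
```

Correlating the flagged time ranges with the Squid process's resident memory size would show whether memory growth tracks these requests, as the bug report describes.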