Search squid archive

Re: about delay_pools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/07/11 02:36, Carlos Manuel Trepeu Pupo wrote:
Hi! I'm using squid 3.0 STABLE1. Here are my delay_pool in the squid.conf

acl enterprise src 10.10.10.2/32
acl bad_guys src 10.10.10.52/32
acl dsl_bandwidth src 10.10.48.48/32

delay_pools 3

delay_class 1 1
delay_parameters 1 25600/25600
delay_access 1 allow bad_guys
delay_access 1 deny all

delay_class 2 1
delay_parameters 2 65536/65536
delay_access 2 allow enterprise
delay_access 2 deny all

delay_class 3 1
delay_parameters 3 10240/10240
delay_access 3 allow dsl_bandwidth
delay_access 3 deny all


I think everything was right, but since yesterday I see "bad_guys"
downloading from youtube using all my bandwidth !! I have a channel of
128 Kb in technology ATM. So I hope you can help me !!!!!!!

step 1) please verify that a recent release still has this problem. 3.0.STABLE1 was obsoleted years ago.

step 2) check for things like follow_x_forwarded_for allowing them to fake their source address. 3.0 series did not check this properly and allows people to trivially bypass any IP-based security if you trust that header.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.9


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux