2011/7/8 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On 08/07/11 02:36, Carlos Manuel Trepeu Pupo wrote: >> >> Hi! I'm using squid 3.0 STABLE1. Here are my delay_pool in the squid.conf >> >> acl enterprise src 10.10.10.2/32 >> acl bad_guys src 10.10.10.52/32 >> acl dsl_bandwidth src 10.10.48.48/32 >> >> delay_pools 3 >> >> delay_class 1 1 >> delay_parameters 1 25600/25600 >> delay_access 1 allow bad_guys >> delay_access 1 deny all >> >> delay_class 2 1 >> delay_parameters 2 65536/65536 >> delay_access 2 allow enterprise >> delay_access 2 deny all >> >> delay_class 3 1 >> delay_parameters 3 10240/10240 >> delay_access 3 allow dsl_bandwidth >> delay_access 3 deny all >> >> >> I think everything was right, but since yesterday I see "bad_guys" >> downloading from youtube using all my bandwidth !! I have a channel of >> 128 Kb in technology ATM. So I hope you can help me !!!!!!! > > step 1) please verify that a recent release still has this problem. > 3.0.STABLE1 was obsoleted years ago. > > step 2) check for things like follow_x_forwarded_for allowing them to fake > their source address. 3.0 series did not check this properly and allows > people to trivially bypass any IP-based security if you trust that header. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.14 > Beta testers wanted for 3.2.0.9 > I If I deny "bad_guys" they can't surf. The user it's a client who have a Kerio Firewall-Proxy with 10 users. I make the test to visit them and stop his service, then the bandwidth go down, so I check they are who violate the delay_pool. Now, the question is why this happen? (Every time this happen I check the destination domain it's youtube and they are downloading from there.)
