On 12.01.2012 12:49, Momen, Mazdak wrote:
Thanks, looking into it though I think I'm limited by the way I can
set up ACLs. Here is what I'm trying to filter:
1326325020.543 0 *.*.*.* NONE/400 3502 GET / - NONE/- text/html
The starred IP, is the same for every request (all requests pass
through a load balancer). I don't want filter out by that IP but
maybe
by the string of text "GET / - NONE/-". Would this be possible?
Not like that. Depending on your squid version http_status ACL testing
for status 400 may be possible. But that would catch all other status
400 events as well, which you may not want.
The NONE/400 part shows that these are Squid rejecting non-HTTP traffic
arriving at its port. Essentially a slow DoS against Squid. If you can
prevent that happening in the first place it would be better.
Amos
