Here is the request this guy is sending. Perhaps, this could shed some light. ..............E..dm.@.....|...`9.....P..].-..#P....H..GET.http://www.asd818.com/.HTTP/1.1..Accept:.*/*..Referer:.http://www.asd818.com/..Accept-Language:.zh-cn..Accept-Encoding:.gzip,.deflate..User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0;.Windows.5.1;Windows.5.5;Windows.6.0)..Host:.www.asd818.com..Proxy-Connection:.Keep-Alive..Pragma:.no-cache..Cookie:.Keep-Alive... Thanks again On Mon, Jun 4, 2012 at 7:42 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 4/06/2012 8:36 a.m., Roman Gelfand wrote: >> >> I have setup squid server to function as both forward and reverse >> proxy. It appears that I am getting flooded with http requests with >> non existant urls. Consequently, this slows down my firewall as the >> dns server is slowing down the query response. Is there a way to >> prevent dns lookup if url doesn't match the pattern? >> >> Thanks in advance > > > Squid rejects requests with non-existant URLs as invalid HTTP syntax during > parsing. There is no DNS involved there. > > I assume you mean the URL has a unregistered domain name and the requests > are coming in with a great many different domains? > > Reverse-proxy requests should have 0 DNS usage. Forward-proxy should only > need DNS after accepting a request for relay. There are some exceptions to > that, but most networks will fit that generalization. It is achieved by > reverse-proxy using dstdomain ACLs, and forward-proxy using src client IP or > proxy_auth login credentials to determin traffic acceptance. DNS is not > involved in any of those ACL types. > > This small alteration (adding localnet filter) to the basic reverse-proxy > config should stop those requests no DNS involved: > > # reverse-proxy rules > acl localdomains dstdomain example.com > http_access allow localdomains > http_access deny !localnet > > # ... other forward-proxy rules... > > > Also; If you have "dst" in the reverse-proxy allow rules, change it to > dstdomain and DNS load should vanish. > > > Amos >
