Search squid archive

Re: Has anyone heard about this option??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So this rule:
iptables -t NAT -A PREROUTING -p tcp -i eth0 --dport 80 -m hashlimit --hashlimit 100/second \ --hashlimit-burst 100 --hashlimit-mode dstport --hashlimit-name "rate limit 80"\
        -J REDIRECT --to-port $AbuseServerTriggerAndNotifyPage

Should do the trick..
But as Amos wrote somewhere if I my memory is right about it..
The application level have some benefits..
While external_acl_type is very tempting a eCAP would be the better choice for performence reasons.
ICAP has the upper hand while allowing concurrency by defalut.

So external_acl_type is nice and helps a lot but it would add some over blocking... if I remeber right. I have tried to read the eCAP docs in the past to make something like the mentioned option avaliable but There is a place for more eCAP examples for specific tasks to make more people use it.

Who is the expert on eCAP?

Thanks!
Eliezer

On 10/10/2013 12:38 AM, Alex Rousskov wrote:
How hard would it be to add a Forward proxy the option to send an error
>page to a runtime syn\accpet\other limit?
If client usage information is available somewhere, then one can use an
external_acl_type or eCAP/ICAP to block or redirect that client. No new
options are needed.


Cheers,

Alex.







[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux