Re: Squid brought down by hundreds of HEAD request to itself

On 10/04/2014 1:32 p.m., nodje wrote:
> The Squid instance is started in the morning and stopped at night.
> 
> It is daily brought down by what I call "hundreds of HEAD requests to
> itself".
> 
> There's no fixed pattern for the problem.
> 
> Sometimes Squid keeps working OK with hundreds of those requests,
> sometimes it just becomes very unresponsive.
> 
> Here's what the requests look like with my logformat:
> 
> 09/Apr/2014:17:41:02] 192.168.0.2 TCP_MISS:DEFAULT_PARENT 504 "HEAD
> http://192.168.0.2:3128/ HTTP/1.0" Size:333 Ref:"-" Agent:"-"
> 
> Squid's server IP is 192.168.0.2, so it's like the server itself
> requesting the proxy.
> There's nothing running on the same server that I know of that would
> access the proxy.

... you mentioned a proxy running on that box :-0

> 
> Where could a HEAD request like that come from?

Probably;
 NAT intercepted traffic containing the header "Host:192.168.0.2:3128"
or,
 squid.conf http_port containing "defaultsite=192.168.0.2:3128"

Either way this is a well known DoS enabled by misconfiguration.

Add the squid.conf directive "via on". You should start to see messages
about forwarding loops being blocked and be able to track down which
problem is causing the loop to start.

Amos
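
A log check for the loop signature discussed in this thread, added here as an example that is not part of the original messages: it counts access-log entries whose request URL points at the proxy's own listening address and port. The proxy address, port and field layout are assumptions taken from the single log line quoted above; the other sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions: proxy address and port as they appear in the quoted log line.
PROXY_ADDRS = {"192.168.0.2"}
PROXY_PORT = 3128

# Fields of the poster's custom logformat, up to the quoted request line.
LINE_RE = re.compile(
    r'^\[?(?P<time>[^\]]+)\]\s+(?P<client>\S+)\s+(?P<status>\S+)\s+'
    r'(?P<code>\d{3})\s+"(?P<method>\S+)\s+(?P<url>\S+)\s+[^"]*"'
)

def self_request(line):
    """Return parsed fields if the request URL points at the proxy's own port."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        url = urlsplit(m["url"])
        port = url.port or 80
    except ValueError:  # malformed host or port in the logged URL
        return None
    if url.hostname in PROXY_ADDRS and port == PROXY_PORT:
        return m.groupdict()
    return None

def summarize(lines):
    """Count self-directed requests per (client, method, result code)."""
    hits = Counter()
    for line in lines:
        fields = self_request(line)
        if fields:
            hits[(fields["client"], fields["method"], fields["status"])] += 1
    return hits

# First entry is the line quoted in the thread; the rest are constructed samples.
SAMPLE = [
    '09/Apr/2014:17:41:02] 192.168.0.2 TCP_MISS:DEFAULT_PARENT 504 "HEAD http://192.168.0.2:3128/ HTTP/1.0" Size:333 Ref:"-" Agent:"-"',
    '[09/Apr/2014:17:41:02] 192.168.0.2 TCP_MISS:DEFAULT_PARENT 504 "HEAD http://192.168.0.2:3128/ HTTP/1.0" Size:334 Ref:"-" Agent:"-"',
    '[09/Apr/2014:17:41:03] 192.168.0.57 TCP_MISS:DIRECT 200 "GET http://example.com/ HTTP/1.1" Size:1270 Ref:"-" Agent:"curl/7.35.0"',
    'not a log line',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

A rising count for a single key over a short window is the pattern the original poster describes.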



