On Monday 03 August 2015 at 08:06:35 (EU time), Dan Charlesworth wrote: > Probably a lot of forward proxy users here have encountered applications > which, if they can’t get their web requests through the proxy (because of > 407 Proxy Auth Required or whatever), just start aggressively, endlessly > spamming requests. > > A recent example would be AVG’s “cloud” features generating around 90 > requests per second from one computer. Pretty annoying. > > I was wondering if anyone here has any creative ideas for detecting when > this is happening programmatically? > > It’s obviously easy to spot as a human if you’re looking at the access log, > but it would be awesome if we could somehow parse some squidclient manager > output and/or the access logs and “raise the alarm” in some way. > > Would love to hear anyone’s ideas about how the logic would work for > something like this. Depending on what action you want for "raising the alarm", I'm pretty sure fail2ban could be configured for this. Antony. -- Anyone that's normal doesn't really achieve much. - Mark Blair, Australian rocket engineer Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users