Hey Dan,
It's pretty simple to write this rule since its a counted+pattern match
and that's it nothing more.
If it fits your need you can add a send mail target instead of a "ban" one.
Eliezer
On 03/08/2015 10:25, Dan Charlesworth wrote:
Thanks Antony.
Fail2ban looks like a viable option though we would still need to write a regex definition to target this sort of behaviour. Their squid example targets aggressive hosts where my preference would be to target aggressive applications (that could be running on more than one host).
https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/squid.conf
In my case “raise the alarm” would probably mean send an email to somebody and there are lots of ways to do that programmatically.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
