On 08/17/2016 09:02 AM, Amos Jeffries wrote:
> Your Squid is not even getting far enough to apply security rules to the
> garbage traffic. It is basically just doing: accept() connection,
> unmangle the NAT/TPROXY details, read(2) some bytes, try to parse - bam
> generate and send error page, close the TCP connection and log the event.

*If* just a few clients doing the above can have a serious effect on overall performance of a Squid instance running on decent hardware, then we need to fix or optimize something. There is little Squid can do against a powerful DDoS, but a few broken clients rarely mimic that.

> About the only thing you could do to speed it up is locate the error
> page templates and remove their contents.

Also, *if* the clients do not open new connections until their old connections are closed, then you may be able to slow them down considerably by delaying those error responses. It may be possible to do that with an external ACL helper (that delays responses) and http_reply_access rules that target those specific error pages.

Disclaimer: I am not implying that the two conditions marked with "*If*" above are true. I have not checked them.

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
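As an added illustration of the "delaying external ACL helper" idea in the message above (this is example code, not from the thread or from the Squid project): a minimal external_acl helper that sleeps before answering OK, together with the squid.conf wiring it assumes. The helper name `slow_ok`, the path `/usr/local/bin/slow-ok.sh`, the `serve` argument, the `DELAY_SECS` variable and the `http_reply_access` rule are all assumptions; in particular, whether Squid consults http_reply_access for its own generated error replies is exactly the point the message leaves unverified, so treat the config as a sketch to test, not a known-working recipe.

```shell
#!/bin/sh
# Added example, not code from the squid-users thread or the Squid project.
# A Squid external ACL helper that waits before answering OK, so every
# lookup routed through it is stalled for DELAY_SECS seconds.
#
# Assumed (hypothetical, untested) squid.conf wiring:
#
#   external_acl_type slow_ok ttl=0 negative_ttl=0 children-max=50 \
#       %SRC /usr/local/bin/slow-ok.sh serve
#   acl slow_ok   external    slow_ok
#   acl err_reply http_status 400-599
#   http_reply_access allow err_reply slow_ok
#   http_reply_access allow all
#
# ttl=0 / negative_ttl=0 keep Squid from caching the verdict per client
# address; otherwise only the first error reply per client would be delayed.
# Each helper child blocks for the whole delay, so children-max bounds how
# many clients can be stalled at once. concurrency= is deliberately not
# used: a sequential shell read loop cannot interleave pending answers.

DELAY_SECS="${DELAY_SECS:-5}"

# reply_for SRC: produce the reply for one lookup line Squid sent us.
# The verdict is always OK; the slowing-down comes from the wait, not from
# the verdict, so the allow rule above still lets the error reply through.
reply_for() {
    src="$1"
    sleep "$DELAY_SECS"
    # Helper stderr ends up in cache.log, which is handy when testing this.
    printf 'slow-ok: delayed %ss for %s\n' "$DELAY_SECS" "$src" >&2
    printf 'OK\n'
}

# serve: the helper protocol loop. Squid writes one line per lookup on
# stdin (here just the %SRC address) and expects one reply line per lookup
# on stdout, in order.
serve() {
    while IFS= read -r line; do
        reply_for "$line"
    done
}

# Only enter the protocol loop when started by Squid with the "serve"
# argument, so the file can also be sourced for testing.
case "${1:-}" in
    serve) serve ;;
esac
```

If the first "*If*" in the message turns out to be false (the clients open new connections regardless of whether old ones are closed), this only burns helper children without slowing anyone down, so watch cache.log for helper-queue warnings after enabling it.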