Hi Squid users, Seeking advice on how to slow down 407 responses to broken Apple & MS clients, which seem to retry at very short intervals and quickly fill the access.log with garbage. The problem is very similar to this: http://www.squid-cache.org/mail-archive/squid-users/201404/0326.html However the config below doesn't seem to slow down the response: acl delaydomains dstdomain .live.net .apple.com acl authresponse http_status 407 external_acl_type delay ttl=0 negative_ttl=0 cache=0 %SRC /tmp/delay.pl acl delay external delay http_reply_access deny delaydomains authresponse delay http_reply_access allow all The helper is never asked by Squid to process the request. Just wondering if http_status ACLs can be used in http_reply_access? My other thinking, if this isn't possible, was to mark 407 responses with clientside_tos so they could be delayed/throttled with tc or iptables. Ie, acl authresponse http_status 407 clientside_tos 0x20 authresponse However, auth response packets don't get the desired tos markings. Instead the following message appears in cache.log: 2016/09/13 11:35:43 kid1| WARNING: authresponse ACL is used in context without an HTTP response. Assuming mismatch. After reviewing http://lists.squid-cache.org/pipermail/squid-users/2016-May/010630.html it seems like this has cropped up before. The suggestion in that thread was to exclude 407 responses from the access log. Fortunately this works. But I'm wondering if there is a way to introduce delay into the 407 response itself? Partly to minimise load associated with serving broken clients, and also to maintain logging of actual intrusion attempts. Any suggestions? Luke _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
