I just want to throw my support behind seeking a solution to this problem. Luke’s clearly considered it in way more detail than anyone so far, myself included. The affects the squids under my purview every day. Best, Dan > On 14 Sep. 2016, at 10:18 am, squid-users@xxxxxxxxxxxxxxx wrote: > > Hi Squid users, > > Seeking advice on how to slow down 407 responses to broken Apple & MS > clients, which seem to retry at very short intervals and quickly fill the > access.log with garbage. The problem is very similar to this: > > http://www.squid-cache.org/mail-archive/squid-users/201404/0326.html > > However the config below doesn't seem to slow down the response: > > acl delaydomains dstdomain .live.net .apple.com > acl authresponse http_status 407 > external_acl_type delay ttl=0 negative_ttl=0 cache=0 %SRC /tmp/delay.pl > acl delay external delay > http_reply_access deny delaydomains authresponse delay > http_reply_access allow all > > The helper is never asked by Squid to process the request. Just wondering > if http_status ACLs can be used in http_reply_access? > > My other thinking, if this isn't possible, was to mark 407 responses with > clientside_tos so they could be delayed/throttled with tc or iptables. Ie, > > acl authresponse http_status 407 > clientside_tos 0x20 authresponse > > However, auth response packets don't get the desired tos markings. Instead > the following message appears in cache.log: > > 2016/09/13 11:35:43 kid1| WARNING: authresponse ACL is used in context > without an HTTP response. Assuming mismatch. > > After reviewing > http://lists.squid-cache.org/pipermail/squid-users/2016-May/010630.html it > seems like this has cropped up before. The suggestion in that thread was to > exclude 407 responses from the access log. Fortunately this works. But I'm > wondering if there is a way to introduce delay into the 407 response itself? > Partly to minimise load associated with serving broken clients, and also to > maintain logging of actual intrusion attempts. Any suggestions? > > Luke > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
