On 09/09/17 04:37, Steve Hill wrote:
I've identified a problem with Squid 3.5.26 using a lot of memory when some broken clients are on the network. Strictly speaking this isn't really Squid's fault, but it is a denial of service mechanism so I wonder if Squid can help mitigate it.
AFAIK every connection opened or accepted by Squid does have a timeout, though some of them are long. The mitigation is probably to reduce request_timeout (v2+) or better the request_start_timeout (v4+).
Please bring up your research on squid-dev mailing list so the guys working on TLS/SSL and QA can all see it.
You may also need to update the networks congestion control algorithms to ones that better handle RST packets.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
