Ahmed wrote :
> > I am getting a lot of these messages in my cache.log
> >
> > 2004/04/23 02:21:02| Request header is too large (10494 bytes)
> > 2004/04/23 02:21:02| Config 'request_header_max_size'= 10240 bytes.
> > 2004/04/23 02:21:30| Request header is too large (11680 bytes)
> > 2004/04/23 02:21:30| Config 'request_header_max_size'= 10240 bytes.
> > 2004/04/23 03:30:41| Request header is too large (11680 bytes)
> > 2004/04/23 03:30:41| Config 'request_header_max_size'= 10240 bytes.
> > 2004/04/23 03:32:27| Request header is too large (10494 bytes)
> > 2004/04/23 03:32:27| Config 'request_header_max_size'= 10240 bytes.
> > I believe this is some kind of Dos Attack from some virus on
> > client's systems
Elsen Marc Reply:
> Check SQUID's access log to further identify these requests.
> If they turn out to be malicious , then block using ACL mechanisms
(e.d.)
>
I am facing the same problem .I am using squid-2.5STABLE3 and wccp v1, In my
squid.conf request_header_max_size is disable. Is there any way to stop
these messages in cache.log ? As you said I checked my access.log file, the
request from our network and I cant block those IPs.
Any help to solve this will be appreciated,
Thnks & rgrds,
Eswari Sharma
Received on Mon Sep 13 2004 - 03:59:42 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT