Re: [squid-users] No auth, only log?

From: docdiz <prn4all_at_gmail.com>
Date: Thu, 19 Jun 2008 06:43:00 +0700

2008/6/17, Henrik Nordstrom <henrik_at_henriknordstrom.net>:
> Other applications are abusing the CONNECT method to do the same thing.
> meant to be used for SSL, but is in reality being used a lot more for
> other traffic such as FTP, IRC, Peer-To-Peer and god knows what..
> Regards
> Henrik

  YES!!!
  Use lot of traffic is one thing. Abuse is another thing. Some
download softwares (and sites) legally mutually break a big file in to
million of 100-200 bytes files and try to parallelly send all those
million chunks through proxy.

  My squid just moans "NO FILE DESCRIPTORS" for over a month,
eventhough it's the only app running on Linux Box with no limit.

  I know we have MaxConn. But seem those intelligent (?!!?) s/w still
able to slip pass through. They forces squid to open/close/open/close
thousands of connection per sec ...
  As each "file" size is less than 200 bytes .. squid doesn't catch
it. Delay_pool let it pass through too.

  Heh, could anyone suggest me whether we can limit client's tcp
connection rate?

-- 
... Lyrics of the Forest ...
Received on Wed Jun 18 2008 - 23:43:03 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 19 2008 - 12:00:05 MDT