2008/6/17, Henrik Nordstrom <henrik_at_henriknordstrom.net>:
> Other applications are abusing the CONNECT method to do the same thing.
> meant to be used for SSL, but is in reality being used a lot more for
> other traffic such as FTP, IRC, Peer-To-Peer and god knows what..
> Regards
> Henrik
YES!!!
Use lot of traffic is one thing. Abuse is another thing. Some
download softwares (and sites) legally mutually break a big file in to
million of 100-200 bytes files and try to parallelly send all those
million chunks through proxy.
My squid just moans "NO FILE DESCRIPTORS" for over a month,
eventhough it's the only app running on Linux Box with no limit.
I know we have MaxConn. But seem those intelligent (?!!?) s/w still
able to slip pass through. They forces squid to open/close/open/close
thousands of connection per sec ...
As each "file" size is less than 200 bytes .. squid doesn't catch
it. Delay_pool let it pass through too.
Heh, could anyone suggest me whether we can limit client's tcp
connection rate?
-- ... Lyrics of the Forest ...Received on Wed Jun 18 2008 - 23:43:03 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 19 2008 - 12:00:05 MDT