Re: [squid-users] about delay_pools

From: Carlos Manuel Trepeu Pupo <charlie.mtp_at_gmail.com>
Date: Fri, 8 Jul 2011 09:40:11 -0400

2011/7/8 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 08/07/11 02:36, Carlos Manuel Trepeu Pupo wrote:
>>
>> Hi! I'm using squid 3.0 STABLE1. Here are my delay_pool in the squid.conf
>>
>> acl enterprise src 10.10.10.2/32
>> acl bad_guys src 10.10.10.52/32
>> acl dsl_bandwidth src 10.10.48.48/32
>>
>> delay_pools 3
>>
>> delay_class 1 1
>> delay_parameters 1 25600/25600
>> delay_access 1 allow bad_guys
>> delay_access 1 deny all
>>
>> delay_class 2 1
>> delay_parameters 2 65536/65536
>> delay_access 2 allow enterprise
>> delay_access 2 deny all
>>
>> delay_class 3 1
>> delay_parameters 3 10240/10240
>> delay_access 3 allow dsl_bandwidth
>> delay_access 3 deny all
>>
>>
>> I think everything was right, but since yesterday I see "bad_guys"
>> downloading from youtube using all my bandwidth !! I have a channel of
>> 128 Kb in technology ATM. So I hope you can help me !!!!!!!
>
> step 1) please verify that a recent release still has this problem.
> 3.0.STABLE1 was obsoleted years ago.
>
> step 2) check for things like follow_x_forwarded_for allowing them to fake
> their source address. 3.0 series did not check this properly and allows
> people to trivially bypass any IP-based security if you trust that header.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.14
>  Beta testers wanted for 3.2.0.9
>
I

If I deny "bad_guys" they can't surf. The user it's a client who have
a Kerio Firewall-Proxy with 10 users. I make the test to visit them
and stop his service, then the bandwidth go down, so I check they are
who violate the delay_pool. Now, the question is why this happen?
(Every time this happen I check the destination domain it's youtube
and they are downloading from there.)
Received on Fri Jul 08 2011 - 13:40:18 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 11 2011 - 12:00:02 MDT