On 12.01.2012 12:49, Momen, Mazdak wrote:
> Thanks, looking into it though I think I'm limited by the way I can
> set up ACLs. Here is what I'm trying to filter:
>
> 1326325020.543 0 *.*.*.* NONE/400 3502 GET / - NONE/- text/html
>
> The starred IP, is the same for every request (all requests pass
> through a load balancer). I don't want filter out by that IP but
> maybe
> by the string of text "GET / - NONE/-". Would this be possible?
Not like that. Depending on your squid version http_status ACL testing
for status 400 may be possible. But that would catch all other status
400 events as well, which you may not want.
The NONE/400 part shows that these are Squid rejecting non-HTTP traffic
arriving at its port. Essentially a slow DoS against Squid. If you can
prevent that happening in the first place it would be better.
Amos
Received on Thu Jan 12 2012 - 00:13:12 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 12:00:02 MST