Re: [squid-users] Rate limiting inbound requests in squid conf

From: Nick Fennell <nick_at_tbfh.org>
Date: Mon, 26 Nov 2012 09:55:04 +0000

A rule set like the below may help;

iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 3128 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP

This should result in new requests being dropped when more than 30 connections have been established within 60 seconds.

Nick

--
On 23 Nov 2012, at 12:22, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> Hey Sekar,
> 
> Basic IPTABLES setup should be able to do that for you.
> It's better to do it in IPTABLES level than doing it in the upper level of the application such as squid.
> It will allow the request to be rejected\close properly in the network level while what squid will prefer or will send error page instead of the content which I don't really like.
> 
> If you are willing to sacrifice some performance you can use external_acl to count the requests per sec per ip and to allow or deny by that the request and present to the client a deny_info.
> 
> Regards,
> Eliezer
> 
> On 11/23/2012 1:55 PM, Sekar Duraisamy wrote:
>> Hi Team,
>> 
>> Can we limit the inbound request rate in Squid configuration like 30
>> request/min , 10 request/sec like this regardless of the size.
>> 
>> Thanks,
>> Sekar
>> 
> 
> -- 
> Eliezer Croitoru
> https://www1.ngtech.co.il
> sip:ngtech_at_sip2sip.info
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
Received on Mon Nov 26 2012 - 09:55:13 MST