[squid-users] Squid 100% CPU and possible attack

Eliezer Croitoru eliezer at ngtech.co.il
Thu Oct 22 23:00:18 UTC 2015

The simplest way is to use fail2ban.
What OS are you using?
it is possible an attack but it's not 100%.
What you can do is to also disable access using the proxy to this 
destination IP and address.
100% CPU in many cases is not something odd but you can try fail2ban 
with a special rule to block this client in the iptables of the machine 
(if this is a linux..)


On 23/10/2015 00:43, Job wrote:
> Hello,
> sometimes, for about half an hour, tour Squid becomes unstable and, by typing "top -s", Squid is taking the 100% of the CPU.
> In Squid's access.log, i see lots of entry like this:
> "Thu";"Oct";"22";"11:45:17";"2015";"21328";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> "Thu";"Oct";"22";"11:45:18";"2015";"19153";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> "Thu";"Oct";"22";"11:45:18";"2015";"20346";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> "Thu";"Oct";"22";"11:45:21";"2015";"20391";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> "Thu";"Oct";"22";"11:45:21";"2015";"19142";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> "Thu";"Oct";"22";"11:45:22";"2015";"19075";"";"TCP_MISS/000";"0";"GET";"";"-";"DIRECT/";"-"
> There seem be a possible attack/exploit from an internal machine? It is the in the example.
> Is there a patch or something to not spread up Squid to the 100% cpu limit for these "Attacks"?
> Thank you!
> Francesco
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list