[squid-users] R: Squid 100% CPU and possible attack
squid3 at treenet.co.nz
Fri Oct 23 11:56:14 UTC 2015
On 23/10/2015 8:41 p.m., Job wrote:
>>> That looks like the side effects of a forwarding loop DoS. Look for the
>>> following line in your squid.conf and remove it:
>>> via off
> Hello Amos!
> I do not have via off in my squid.conf, so i think it is set to on, default value.
> Otherwise, i redirect outbount http/80 to the internal 8080 on firewall/squid machine.
> It seems from a specific client someone try to pass an exploit to the 8080 port...
> What else should i consider?
Something that would cause a machine to make lots of HTTP requests.
You have provided almost no information about the network, it
configuration, or uses etc. Having eliminated the usual problem(s) it is
a waste of time to guess.
More information about the squid-users