[squid-users] Protecting squid against ddos attacks

Chirayu Patel chirayu.patel at truecomtelesoft.com
Fri Sep 20 13:03:05 UTC 2019 

This is my squid config file :

------------------------------------------
http_port 3129 intercept
https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
    generate-host-certificates=off dynamic_cert_mem_cache_size=2MB
## For Captive Portal
http_port 3132 intercept
https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
    generate-host-certificates=off dynamic_cert_mem_cache_size=1MB

#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5

# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3

# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data
ssl_bump splice all # splice: no active bumping
on_unsupported_protocol tunnel all

pinger_enable off
digest_generation off
netdb_filename none
ipcache_size 128
fqdncache_size 128
via off
forwarded_for transparent
httpd_suppress_version_string on
cache deny all
cache_mem 0 MB
memory_pools off
shutdown_lifetime 0 seconds

#logfile_daemon /dev/null
access_log none

#acl good_url dstdomain .yahoo.com
http_access allow all

url_rewrite_program /tmp/squid/urlcat_server_start.sh
#url_rewrite_bypass on
url_rewrite_children 1 startup=1 idle=1 concurrency=30 queue-size=10000
on-persistent-overload=ERR
#url_rewrite_access allow all
#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode
sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_extras "%>a %lp %ssl::>sni"

max_filedesc 5120
coredump_dir /tmp
client_lifetime 30 minutes
read_ahead_gap 8 KB

-------------------------------

--> I have installed squid in a wifi access point which will in many cases
behave as an edge gateway as well.. So basically it itself is the firewall.
There is nothing in front to protect it.
--> There are 4 ports that are opened.. If someone decides to do a DDOS
attack on them, what options do I have to protect against them.
--
Thank You
Chirayu Patel
Truecom Telesoft
+91 8758484287
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190920/830d12d9/attachment.html>

More information about the squid-users mailing list