[squid-users] Detecting clients flooding squid with failed request
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Aug 3 10:03:46 UTC 2015
Hey Dan,
It's pretty simple to write this rule since its a counted+pattern match
and that's it nothing more.
If it fits your need you can add a send mail target instead of a "ban" one.
Eliezer
On 03/08/2015 10:25, Dan Charlesworth wrote:
> Thanks Antony.
>
> Fail2ban looks like a viable option though we would still need to write a regex definition to target this sort of behaviour. Their squid example targets aggressive hosts where my preference would be to target aggressive applications (that could be running on more than one host).
>
> https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/squid.conf
>
> In my case “raise the alarm” would probably mean send an email to somebody and there are lots of ways to do that programmatically.
More information about the squid-users
mailing list