[squid-users] R: Squid 100% CPU and possible attack

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 23 11:56:14 UTC 2015


On 23/10/2015 8:41 p.m., Job wrote:
>>> That looks like the side effects of a forwarding loop DoS. Look for the
>>> following line in your squid.conf and remove it:
> 
>>>  via off
> 
> Hello Amos!
> 
> I do not have via off in my squid.conf, so i think it is set to on, default value.
> 
> Otherwise, i redirect outbount http/80 to the internal 8080 on firewall/squid machine.
> It seems from a specific client someone try to pass an exploit to the 8080 port...
> 
> What else should i consider?

Something that would cause a machine to make lots of HTTP requests.

You have provided almost no information about the network, it
configuration, or uses etc. Having eliminated the usual problem(s) it is
a waste of time to guess.

Details please.

Amos



More information about the squid-users mailing list