[squid-users] Malformed HTTP on tproxy squid

Alex Rousskov rousskov at measurement-factory.com
Wed Aug 17 16:07:20 UTC 2016


On 08/17/2016 09:02 AM, Amos Jeffries wrote:

> Your Squid is not even getting far enough to apply security rules to the
> garbage traffic. It is basically just doing: accept() connection,
> unmangle the NAT/TPROXY details, read(2) some bytes, try to parse - bam
> generate and send error page, close the TCP connection and log the event.

*If* just a few clients doing the above can have a serious effect on
overall performance of a Squid instance running on decent hardware, then
we need to fix or optimize something. There is little Squid can do
against a powerful DDoS, but a few broken clients rarely mimic that.


> About the only thing you could do to speed it up is locate the error
> page templates and remove their contents.

Also, *if* the clients do not open new connections until their old
connections are closed, then you may be able to slow them down
considerably by delaying those error responses. It may be possible to do
that with an external ACL helper (that delays responses) and
http_reply_access rules that target those specific error pages.


Disclaimer: I am not implying that the two conditions marked with "*If*"
above are true. I have not checked them.

Alex.
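As an added illustration of the delaying external ACL helper Alex sketches above (this is example code written for this page, not code from the thread or from the Squid project), the following Python helper answers every lookup with OK only after a fixed delay, so that a reply Squid is holding for the lookup is sent that much later. The line protocol it speaks (an optional numeric channel ID prefix when `concurrency=` is set, replies of `OK`/`ERR`) is assumed from the Squid external ACL helper interface; the `squid.conf` lines in the docstring, the `http_status 400` match for the error page, the helper path and the delay value are all assumptions, and whether `http_reply_access` is consulted for these early parse-error replies is the open question Alex flagged.

```python
"""Delaying external ACL helper for Squid (hypothetical, added example).

Assumed helper protocol (Squid external ACL interface with concurrency=N,
where each request line carries a numeric channel ID first):
    request: "<channel-id> <key ...>"
    reply:   "<channel-id> OK"
Every lookup is answered OK after `delay` seconds, so a reply that is gated
on this ACL is held back for that long.

Assumed squid.conf wiring (constructed; check against your Squid version):
    external_acl_type slowdown concurrency=50 ttl=0 negative_ttl=0 \
        %SRC /usr/local/bin/delay_helper.py
    acl slowdown_ok external slowdown
    acl parse_error http_status 400
    http_reply_access allow parse_error slowdown_ok
The lookup only runs for replies that already matched parse_error, so
ordinary traffic pays no delay.
"""
import io
import sys
import threading
import time

DELAY_SECONDS = 5.0  # constructed value; tune to the clients' retry behaviour


def parse_request(line):
    """Split one helper request line into (channel_id, key).

    Assumes concurrency is enabled, so a leading all-digit token is the
    channel ID. Returns (None, key) when no channel ID prefix is present
    (helper run without concurrency).
    """
    stripped = line.strip()
    parts = stripped.split(None, 1)
    if not parts:
        return None, ""
    if parts[0].isdigit():
        return parts[0], parts[1] if len(parts) > 1 else ""
    return None, stripped


def format_reply(channel_id, verdict="OK"):
    """Build the reply line, echoing the channel ID when one was given."""
    if channel_id is None:
        return verdict + "\n"
    return f"{channel_id} {verdict}\n"


def delayed_reply(channel_id, delay, out):
    """Sleep, then write the OK reply. Runs on its own thread so that one
    pending answer does not block the other channels."""
    time.sleep(delay)
    out.write(format_reply(channel_id))
    out.flush()


def serve(inp=sys.stdin, out=sys.stdout, delay=DELAY_SECONDS):
    """Main loop: one thread per request line. Joins all threads once the
    input is exhausted (i.e. when Squid closes the helper) and returns the
    number of requests handled."""
    threads = []
    for line in inp:
        channel_id, _key = parse_request(line)
        t = threading.Thread(target=delayed_reply, args=(channel_id, delay, out))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
    return len(threads)


def run_on_lines(lines, delay=0.0):
    """Drive serve() over an in-memory list of request lines and return the
    reply text; used for offline checking without Squid."""
    inp = io.StringIO("".join(l + "\n" for l in lines))
    out = io.StringIO()
    serve(inp, out, delay)
    return out.getvalue()


if __name__ == "__main__":
    serve()
```

Because each reply is produced on its own thread, reply order is not guaranteed; Squid matches replies to requests by channel ID, which is why `concurrency=` matters here rather than being optional. Set `ttl=0` and `negative_ttl=0` so Squid does not cache the OK and skip the delay on later hits.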