[squid-users] Android client flooding squid
Amos Jeffries
squid3 at treenet.co.nz
Tue Dec 12 15:35:59 UTC 2017
On 13/12/17 03:46, Heiler Bemerguy wrote:
>
> Hi guys,
>
> Everyday I get tons of these GETs, a lot from the same IP, then a lot
> from other IPs of our local intranet (we have some APs plugged on our
> intranet). This is happening since forever, but I'm trying to
> understand/get rid of it.
>
> Any ideas?
>
The client software is broken.
1) using explicit URLs with raw-IPv4 to make its requests, and ..
2) performing Host header forgery. www.google.com is hosted in Googles
servers assigned the 216/8 IP range not the 172/8 range. And ..
3) not obeying the clear instruction that the given Domain is *only*
available when fetched by name (not by raw-IP).
Your options are to either;
get the client software fixed
OR,
configure ACLs detecting when such clients deliver those raw-IP URLs
and reject them with a 403 instead of a 301,
That can be done with an external ACL helper in http_reply_access that
tracks 301 + Content-Location and which client they were sent to.
Rejecting them with a 403 after an arbitrary number of repeats.
Amos
More information about the squid-users
mailing list