On 10/04/2014 1:32 p.m., nodje wrote:
> The Squid instance is started in the morning and stopped at night.
>
> It is daily brought down by what I call "hundreds of HEAD request to
> itself".
>
> There's no fixed pattern for the problem.
>
> Sometimes Squid keep working OK with hundreds of those requests,
> sometime it just becomes very unresponsive.
>
> Here's what the request look like with my logformat:
>
> 09/Apr/2014:17:41:02] 192.168.0.2 TCP_MISS:DEFAULT_PARENT 504 "HEAD
> http://192.168.0.2:3128/ HTTP/1.0" Size:333 Ref:"-" Agent:"-"
>
> Squid's server IP is 192.168.0.2, so it's like the server itself
> requesting the proxy.
> There's nothing running on the same server that I know of that would
> access the proxy.
... you mentioned a proxy running on that box :-0
>
> Where a HEAD request like that could come from?
Probably;
NAT intercepted traffic containing the header "Host:192.168.0.2:3128"
or,
squid.conf http_port containing "defaultsite=192.168.0.2:3128"
Either way this is a well known DoS enabled by misconfiguration.
Add the squid.conf directive "via on". You should start to see messages
about forwarding loops being blocked and be able to track down which
problem it is causing the loop to start.
Amos
Received on Thu Apr 10 2014 - 04:02:33 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 10 2014 - 12:00:04 MDT