RE: [squid-users] Squid HIT analysis, worm DoS mitigation, and general config tweaking
> New to the list. I'm sorry if this stuff is covered in a list FAQ somewhere
> that I'm unable to find. I have 3 main questions about the wonderful squid
> cache.
> 1. I want to analyze my squid logs graphically in terms of TCP_HIT,
> and other codes from the logs. I'm sure there's something out there to do
> it already that I'm just not aware of.
Look for various tools available in :
Also check the squid FAQ on how to use Squid with MRTG.
> 2. Also, we've been feeling the brunt of all the new Welchia variants that
> port 80 attacks through random, high-frequency portscanning, which saps our
> squid caches of file descriptors. From doing some previous list reading, I
> have set half_closed_connections to off, as well as client_persistent
> connections to off. I didn't turn server_persistent to off, because, well,
> it sounds important. Am I being a pansy for not doing this? I'm also
Although a personal opinion; I think so, yes. The kind of attacks
you describe should be handled by perimeter firewalling.
If you have a good fw. setup then for instance port scans should not
be able to reach your squid box. Also that in particular is not much
to fd. usage as squid only listens on one port.
Meaning that resource exhausting attacks on squid would have in any
case be http-'applicated' based.
> curious how these settings help the file descriptor problem, as they sound
> like they adjust network connection behaviour as opposed to anything that
> impacts file descriptors. Can anyone shed light on how this works? Also,
> would there be any reason a service provider with many diversely screwed-up
> operating systems and corresponding screwed-up browsers would not want to
> muck with these Squid settings?
> 3. Why is the squid cache so slow when I use diskd? What guidelines do all
> of you use for large caches (>20GB) in terms of directory structure, memory
> options, and diskd/no diskd, ufs/no ufs?
Well, read the FAQ part on diskd. Diskd often requires OS-related tuning.
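
For question 1 and the worm traffic in question 2, an added example (not part of the thread and not one of the tools the reply refers to): a small Python parser for Squid's native access.log format that tallies result codes such as TCP_HIT and lists clients whose request rate exceeds a threshold. The sample lines, the 60-second window and the threshold of 3 are constructed for illustration.

```python
import collections

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1078300800.101 12 10.0.0.5 TCP_HIT/200 4312 GET http://example.com/a.gif - NONE/- image/gif
1078300801.220 230 10.0.0.5 TCP_MISS/200 9120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1078300802.010 3 10.0.0.9 TCP_MISS/503 1200 GET http://198.51.100.1/ - DIRECT/198.51.100.1 text/html
1078300802.500 3 10.0.0.9 TCP_MISS/503 1200 GET http://198.51.100.2/ - DIRECT/198.51.100.2 text/html
1078300803.100 3 10.0.0.9 TCP_MISS/503 1200 GET http://198.51.100.3/ - DIRECT/198.51.100.3 text/html
1078300803.900 3 10.0.0.9 TCP_MISS/503 1200 GET http://198.51.100.4/ - DIRECT/198.51.100.4 text/html
1078300805.000 8 10.0.0.7 TCP_MEM_HIT/200 800 GET http://example.com/b.css - NONE/- text/css
truncated line without fields
"""

def parse_line(line):
    """Return (timestamp, client, result_code), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    return ts, fields[2], fields[3].split("/", 1)[0]

def summarize(log_text, window=60, threshold=3):
    """Tally result codes and flag clients with more than `threshold`
    requests in any `window`-second bucket (both values are illustrative)."""
    codes = collections.Counter()
    buckets = collections.Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the native format
        ts, client, code = parsed
        codes[code] += 1
        buckets[(client, int(ts // window))] += 1
    total = sum(codes.values())
    # Every *_HIT code (TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...) counts as a hit.
    hits = sum(n for code, n in codes.items() if code.endswith("HIT"))
    noisy = sorted({c for (c, _), n in buckets.items() if n > threshold})
    return {"codes": dict(codes),
            "hit_ratio": hits / total if total else 0.0,
            "noisy_clients": noisy}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The per-code counts can be fed to a grapher such as MRTG, and the noisy-client list gives a starting point for deciding which source addresses to filter before they reach the cache.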