
I have this situation:

client -> url-filtering -> squid -> internet

The squid proxy sees all clients as a single IP (that of the url filtering), so I have a lot of connections from a single IP. Squid is the upstream cache proxy.

In production, with a lot of connections (2000), the client randomly has to refresh the page to see a site (not a specific site). It seems the proxy denies the connection randomly.

If I cut out the url-filtering, leading to this situation:

client -> proxy->internet

I haven't had the problem, but then the proxy sees all the client IPs and the connections are per IP.

In the url filtering log file I see a lot of entries saying "proxy not respond".

In squid.conf I haven't set maxconn or any other limitation on connections per IP.

Is there a default limit on connections from a single IP?

Is there some DDoS prevention for a single IP that rejects some packets?

On the proxy server there isn't a firewall at the moment.


1 Answer

Connections from a particular client can be delayed using delay_pools with Squid. Check whether you have the delay_pools tag in your squid.conf.

If you use a netfilter/iptables firewall on your squid machine, check that your firewall is not configured with the connlimit module.

Other possibilities not to neglect: squid crashes from time to time and is automatically restarted, giving the impression that connections are blocked. Have a look at your squid log (search for cache_log log_file in your squid.conf and inspect the content of the log_file file). The squid.conf tag debug_options ALL,2 can give you more information in your log.

What url filtering facility do you use?
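As an added example (not part of the original question or answer), a small POSIX sh script that checks the three causes the answer names: delay_pools or maxconn throttling in squid.conf, connlimit rules in an iptables-save dump, and silent squid restarts in cache.log. All three input files are constructed samples written to a temporary directory; the directives and log phrases are real Squid and iptables ones, the values are made up.

```shell
#!/bin/sh
# Added example: audit squid.conf, cache.log and an iptables-save dump for
# per-IP throttling and for restarts. Inputs are constructed samples.
set -eu

WORK=$(mktemp -d)
CONF="$WORK/squid.conf"; CACHELOG="$WORK/cache.log"; FWDUMP="$WORK/iptables.txt"

cat > "$CONF" <<'EOF'
http_port 3128
cache_log /var/log/squid/cache.log
acl clients src 10.0.0.0/8
acl toomany maxconn 100
delay_pools 1
delay_class 1 1
delay_access 1 allow clients
delay_parameters 1 64000/64000
http_access allow clients
EOF

cat > "$CACHELOG" <<'EOF'
2014/03/10 09:00:01| Starting Squid Cache version 3.1.20 for x86_64-pc-linux-gnu...
2014/03/10 09:41:12| FATAL: Received Segment Violation...dying.
2014/03/10 09:41:15| Starting Squid Cache version 3.1.20 for x86_64-pc-linux-gnu...
EOF

cat > "$FWDUMP" <<'EOF'
*filter
-A INPUT -p tcp --dport 3128 -m connlimit --connlimit-above 50 -j REJECT
COMMIT
EOF

# Uncommented delay_* directives: any hit means per-client throttling is active.
count_delay_directives() { grep -cE '^[[:space:]]*delay_(pools|class|access|parameters)' "$1" || true; }

# maxconn ACLs cap simultaneous connections per source IP; behind a single
# filtering box that one IP is the whole client population.
count_maxconn_acls() { grep -cE '^[[:space:]]*acl[[:space:]]+[^[:space:]]+[[:space:]]+maxconn' "$1" || true; }

# Restarts are "Starting Squid" lines beyond the first; a FATAL line right
# before one is a crash that the supervisor recovered from.
count_restarts() { n=$(grep -c 'Starting Squid' "$1" || true); echo $((n > 0 ? n - 1 : 0)); }
count_fatal() { grep -c 'FATAL' "$1" || true; }

# connlimit rules in an iptables-save dump reject connections above a per-IP cap.
count_connlimit_rules() { grep -c -- '-m connlimit' "$1" || true; }

printf 'delay directives: %s\nmaxconn acls: %s\nrestarts: %s (FATAL: %s)\nconnlimit rules: %s\n' \
  "$(count_delay_directives "$CONF")" "$(count_maxconn_acls "$CONF")" \
  "$(count_restarts "$CACHELOG")" "$(count_fatal "$CACHELOG")" "$(count_connlimit_rules "$FWDUMP")"
```

Point CONF, CACHELOG and FWDUMP at the real files (the dump from iptables-save) to run the same checks on a live proxy; any non-zero count is a lead worth following.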