Squid Web Cache wiki

Squid Web Cache documentation

Feature: Early access control knob to block connection floods

Details

This is a proposal for a new tcp_access directive, to be executed immediately when a new connection is accepted, before reading any HTTP request. As no HTTP data is available yet, it is limited to src, myport, myaddr, time and maxconn type ACLs, and maybe one or two more.

It should probably reset the connection by default rather than send an HTTP error, but that is subjective. Some may prefer an error page.

This can be thought of as application-level firewalling of the proxy service.

It needs to be a “slow/async” ACL match like http_access, so that external ACLs can be plugged in for extra functionality such as integration with packet-level firewalls, cluster-wide connection accounting, etc.
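A squid.conf sketch of the proposal next to the request-time policy it would move earlier. It is an added illustration, not configuration from the Squid project. The tcp_access lines assume the proposed directive takes the same allow/deny rule syntax as http_access, and the ACL names, the limit of 50, the 192.0.2.0/24 range and the helper path are constructed for the example.

```conf
# ACLs that need only connection-level data (no HTTP request required).
acl trusted_nets src 192.0.2.0/24        # constructed example range
acl conn_flood   maxconn 50              # client IP has more than 50 TCP connections open

# --- Request-time enforcement with existing directives ---
# http_access is evaluated per HTTP request, so a connection that never
# sends a request is never checked against conn_flood.
http_access deny conn_flood
deny_info TCP_RESET conn_flood           # reset the connection instead of an error page

# --- Accept-time enforcement (HYPOTHETICAL: tcp_access is the directive
# --- proposed on this page; rule syntax assumed to mirror http_access) ---
# Evaluated as soon as the connection is accepted, before any request is read.
# Per the proposal, a deny would reset the connection by default.
tcp_access allow trusted_nets
tcp_access deny  conn_flood

# Slow/async match through an external ACL helper, as the proposal requires.
# Only connection-level format codes can be passed, because no HTTP data
# exists yet. The helper path is a placeholder for a site-specific program
# (for example one that consults cluster-wide connection counters).
external_acl_type conn_policy ttl=10 %SRC %MYPORT /usr/local/libexec/conn-policy-helper
acl cluster_over_limit external conn_policy
tcp_access deny cluster_over_limit

tcp_access allow all
```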

Categories: WantedFeature
