RE: [squid-users] Squid3 reverse proxy & Failed to select source strange errors

From: Mike Marchywka <marchywka_at_hotmail.com>
Date: Mon, 23 Nov 2009 10:40:57 -0500

----------------------------------------
> Date: Mon, 23 Nov 2009 16:32:29 +0100
> From: haazeloud_at_gmail.com
> To: marchywka_at_hotmail.com
> CC: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Squid3 reverse proxy & Failed to select source strange errors
>
> Hi mike,
>
> Mike Marchywka a écrit :
>> [snip]
>>> Normal website attacks.
>>>
>>> One of the benefits of using Squid is to prevent these resource wasters
>>> getting near the backend processors. "Failed to select source" is good
>>> news.
>>>
>>> You might also want to occasionally scan the access.log to see if any
>>> foreign requests do get through (2xx or 3xx status). If any do you have
>>> a problem, otherwise everything is fine.
>>>
>>
>> I think we had our's up for maybe 1 day before it was discovered.
>> We just added our own headers for authentication. Not sure this
>> is always an option but if you can restrict by IP or UA or something
>> that may be the easiest thing to do.
>>
> Sure, this could be great, but this will not help us I think.
> We're using squid as a reverse proxy, so anyone can tell squid : "please
> give me this static content or this image". I can't see how can i
> restrict this. :)
>

I haven't given this much thought but if you are just storing things
that go with other content from your server, what bout cookies? If you
only want to serve resources needed for your own pages, then set
some kind of cookie or other header like referer and use that for a squid validation. If the req doesn't have the page specific header don't return anything.

> Regards
> David.
                                               
_________________________________________________________________
Bing brings you maps, menus, and reviews organized in one place.
http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_MFESRP_Local_MapsMenu_Resturants_1x1
Received on Mon Nov 23 2009 - 15:41:04 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 12:00:04 MST