On Sat, Apr 16, 2011 at 9:19 PM, Alan DeKok <al...@deployingradius.com> wrote: > Waqas Toor wrote: >> Yes, Understood, Can I can limit those proxy-state attributes to lets >> say 100 attributes only. >> Because the other server is complaining about possible DoS attacks. > > <sigh> It would have been useful for you to say that at the beginning. > > If there are 100 Proxy-State attributes, it's likely because you > screwed up proxying somewhere. It makes *no* sense to proxy packets > through 100 servers.
Ok here is my robust-example-accounting that I am using for proxy ============================================================== home_server home1.example.com { type = acct ipaddr = 10.1.67.37 port = 1813 secret = free-rad512 # Mark this home server alive ONLY when it starts being responsive status_check = request username = "test_user_status_check" response_window = 6 } home_server home2.example.com { type = acct ipaddr = 10.1.67.28 port = 1813 secret = free-rad512 # Mark this home server alive ONLY when it starts being responsive status_check = request username = "test_user_status_check" response_window = 6 } home_server acct_detail.example.com { virtual_server = acct_detail.example.com } home_server_pool acct_pool.example.com { type = load-balance # other types are OK, too. home_server = home1.example.com home_server = home2.example.com fallback = acct_detail.example.com virtual_server = home.example.com } realm test_cpe.com{ acct_pool = acct_pool.example.com nostrip } server acct_detail.example.com { accounting { detail.example.com } } server home.example.com { pre-proxy { } post-proxy { Post-Proxy-Type Fail { detail.example.com } } listen { type = detail filename = "${radacctdir}/detail.example.com/detail-*:*" load_factor = 10 } accounting { update control { Proxy-To-Realm := "test_cpe.com" } } } ================================================ It works fine, but when one of the server goes down of a long period, It sends a lot of proxy state attributes. Regards Waqas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html