Shawn Wright wrote:

> During times when our proxy is being assaulted by spyware, it spends a
> great deal of CPU time logging these denials. I would like to explore the
> possibility of one or more of the following:

> -limiting max # of connections allocated to a single IP per minute, since
> delay pools won't help when all the connections are denials (I don't
> think).

The maxconn acl type can do this, though I believe Squid will still log a
TCP_DENIED for each request over the limit. Probably not the solution you
are looking for.

You could use a program to tail the access.log (a simple Perl script could
do it) and block an IP address using the OS's firewall if the number of
denied requests passes a certain threshold.

Adam
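
The log-watching approach suggested in the reply above, as an added example that is not part of the original message and is written in Python rather than Perl. It assumes Squid's native access.log format; the class name, threshold and window are illustrative, and the actual firewall call is left to the operator's OS.

```python
import collections
import sys

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy type
_D = " TCP_DENIED/403 1400 GET http://ads.example/ - NONE/- text/html"
SAMPLE = [
    "1000.100 2 192.0.2.10" + _D,
    "1000.900 9 192.0.2.30 TCP_MISS/200 5120 GET http://www.example/ - DIRECT/198.51.100.7 text/html",
    "1001.200 1 192.0.2.10" + _D,
    "1002.000 1 192.0.2.20" + _D,
    "1002.300 1 192.0.2.10" + _D,
    "1090.000 1 192.0.2.20" + _D,
]

class DenialTracker:
    """Flag a client once it exceeds `threshold` denials within `window` seconds."""
    def __init__(self, threshold=20, window=60.0):
        self.threshold, self.window = threshold, window
        self.recent = collections.defaultdict(collections.deque)  # ip -> denial times
        self.blocked = set()

    def feed(self, line):
        """Return the client IP if this line pushes it over the limit, else None."""
        fields = line.split()
        try:
            ts, ip, code = float(fields[0]), fields[2], fields[3].split("/")[0]
        except (IndexError, ValueError):
            return None                      # truncated or malformed line
        if code != "TCP_DENIED" or ip in self.blocked:
            return None
        q = self.recent[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # drop denials older than the window
            q.popleft()
        if len(q) > self.threshold:
            self.blocked.add(ip)             # report each offender only once
            return ip
        return None

def offenders(lines, threshold, window):
    tracker = DenialTracker(threshold, window)
    return [ip for ip in map(tracker.feed, lines) if ip]

if __name__ == "__main__":   # usage: tail -F access.log | python3 this_script.py
    tracker = DenialTracker()
    for ip in filter(None, map(tracker.feed, sys.stdin)):
        print(ip, flush=True)                # pass each address to the OS firewall
```

Each offending address is printed once, so the output can be piped to whatever adds the firewall rule. Blocking at the firewall also stops Squid from logging further denials for that client, which is the CPU cost the original question was about.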
