> 
> Hello All
> 
> I am getting a lot of these messages in my cache.log
> 
> 2004/04/23 02:21:02| Request header is too large (10494 bytes)
> 2004/04/23 02:21:02| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:21:30| Request header is too large (11680 bytes)
> 2004/04/23 02:21:30| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:24:27| Request header is too large (10494 bytes)
> 2004/04/23 02:24:27| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:24:50| Request header is too large (11680 bytes)
> 2004/04/23 02:24:50| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:26:07| Request header is too large (10494 bytes)
> 2004/04/23 02:26:07| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:26:44| Request header is too large (11680 bytes)
> 2004/04/23 02:26:44| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:27:28| Request header is too large (10494 bytes)
> 2004/04/23 02:27:28| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:27:50| Request header is too large (12287 bytes)
> 2004/04/23 02:27:50| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:32:31| Request header is too large (12287 bytes)
> 2004/04/23 02:32:31| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:34:13| Request header is too large (10494 bytes)
> 2004/04/23 02:34:13| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:34:29| Request header is too large (11680 bytes)
> 2004/04/23 02:34:29| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:35:12| Request header is too large (11954 bytes)
> 2004/04/23 02:35:12| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:35:33| Request header is too large (11680 bytes)
> 2004/04/23 02:35:33| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:39:42| Request header is too large (10494 bytes)
> 2004/04/23 02:39:42| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:40:05| Request header is too large (12287 bytes)
> 2004/04/23 02:40:05| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:50:19| Request header is too large (10494 bytes)
> 2004/04/23 02:50:19| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:50:38| Request header is too large (12287 bytes)
> 2004/04/23 02:50:38| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:52:33| Request header is too large (10494 bytes)
> 2004/04/23 02:52:33| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 02:53:09| Request header is too large (10495 bytes)
> 2004/04/23 02:53:09| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:19:07| Request header is too large (10494 bytes)
> 2004/04/23 03:19:07| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:19:19| Request header is too large (10495 bytes)
> 2004/04/23 03:19:19| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:24:47| Request header is too large (11680 bytes)
> 2004/04/23 03:24:47| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:27:30| Request header is too large (11680 bytes)
> 2004/04/23 03:27:30| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:30:41| Request header is too large (11680 bytes)
> 2004/04/23 03:30:41| Config 'request_header_max_size'= 10240 bytes.
> 2004/04/23 03:32:27| Request header is too large (10494 bytes)
> 2004/04/23 03:32:27| Config 'request_header_max_size'= 10240 bytes.
> 
> I believe this is some kind of DoS attack from some virus on clients' systems
> because when this happens, MRTG shows an increase in HTTP all service time and
> HTTP miss service time (I am also attaching MRTG graphs for your view) and
> all the clients start complaining. Can anyone shed more light on this
> problem? Like which virus is responsible for this and what can be done in
> squid config to avoid this except to block/disconnect the infected client.
> 
>  
> 
 
  Check SQUID's access log to further identify these requests.
  If they turn out to be malicious, then block using ACL mechanisms (e.d.)

  M.
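
One way to do the access-log check suggested above, as an added example that is not part of the original thread: match each "Request header is too large" timestamp in cache.log against access.log entries within a short window and count which client IPs were active near the most events. The sample log lines, the 2-second window, the function names and the assumption that cache.log timestamps are UTC are all constructed for illustration.

```python
import re
from calendar import timegm
from collections import Counter
from time import strptime

# Constructed sample data (not from the original post). The access.log lines
# use Squid's native layout: epoch.ms elapsed client code/status bytes method URL ...
CACHE_LOG = """\
2004/04/23 02:21:02| Request header is too large (10494 bytes)
2004/04/23 02:21:02| Config 'request_header_max_size'= 10240 bytes.
2004/04/23 02:21:30| Request header is too large (11680 bytes)
2004/04/23 02:24:27| Request header is too large (10494 bytes)
"""
ACCESS_LOG = """\
1082686861.500 12 192.0.2.10 TCP_DENIED/400 1400 GET http://example.net/ - NONE/- text/html
1082686870.100 250 192.0.2.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/198.51.100.5 text/html
1082686890.200 15 192.0.2.10 TCP_DENIED/400 1400 GET http://example.net/ - NONE/- text/html
1082687066.900 11 192.0.2.10 TCP_DENIED/400 1400 GET http://example.net/ - NONE/- text/html
1082687100.000 300 192.0.2.30 TCP_MISS/200 2048 GET http://example.org/ - DIRECT/198.51.100.9 text/html
"""

EVENT_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| Request header is too large \((\d+) bytes\)")

def oversize_events(cache_log):
    """Return [(epoch_seconds, header_bytes)] for each oversize-header warning."""
    events = []
    for line in cache_log.splitlines():
        m = EVENT_RE.match(line)
        if m:
            # Assumption: cache.log timestamps are UTC; shift if yours are local time.
            ts = timegm(strptime(m.group(1), "%Y/%m/%d %H:%M:%S"))
            events.append((ts, int(m.group(2))))
    return events

def clients_near_events(cache_log, access_log, window=2.0):
    """Rank client IPs by the number of oversize events they were active near."""
    events = oversize_events(cache_log)
    hits, seen = Counter(), set()
    for line in access_log.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].replace(".", "", 1).isdigit():
            continue  # skip blank or malformed lines
        when, client = float(fields[0]), fields[2]
        for ts, _ in events:
            if abs(when - ts) <= window and (client, ts) not in seen:
                seen.add((client, ts))  # count each client once per event
                hits[client] += 1
    return hits.most_common()
```

A client that shows up next to nearly every event is the one to inspect; once confirmed, it can be denied with an `acl ... src` entry and a matching `http_access deny` rule.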
