On Thu, Dec 16, 2010 at 7:41 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 17/12/10 10:38, Jason Greene wrote: >> >> I m trying to close a security hole >> >> >> I want to use maxconn on ALL IPs >> >> acl limitusercon maxconn 3 >> http_access deny all limitusercon > > Testing the "all" there is not useful. That should be just: > > http_access deny limitusercon > > ... making sure its placed at the top of your access controls so nothing > doing an allow can bypass it. Right after the "deny CONNECT !SSL_Ports" > should do.
Thanks, I'll try this out. > >> >> But it doesn't seem to work and the hole still appears on a scan. > > What hole? HTTP Proxy CONNECT Loop DoS > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.9 > Beta testers wanted for 3.2.0.3 >
