HI, I was curious does anyone know of any serious security exploits that can use varnish as an open proxy?
The reason I ask is we just put up 3 varnish servers, and about 4 days after we started to get a DDOS attack. If anything the varnish servers really helped offload it. We are still unders attack for at least 12 hours + The reason why I am thinking that some sort of exploit might be going on is, looking at the varnish logs I was seeing some url's for domains we do not even own. I am not sure how get requests are coming through for not our own domain's? Majority of get are for us, but 10% or so are not It could have been just a coicendence that we got a DDOS attack a few days after, and glad I had varnish in, becuase we were getting over 3,000 req/sec, which our web servers definitely could not handle. Thanks for any suggestions. _______________________________________________ varnish-misc mailing list [email protected] http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
