Re: [squid-users] DNS Attack

From: Amos Jeffries <>
Date: Mon, 04 Jun 2012 23:42:34 +1200

On 4/06/2012 8:36 a.m., Roman Gelfand wrote:
> I have setup squid server to function as both forward and reverse
> proxy. It appears that I am getting flooded with http requests with
> non existant urls. Consequently, this slows down my firewall as the
> dns server is slowing down the query response. Is there a way to
> prevent dns lookup if url doesn't match the pattern?
> Thanks in advance

Squid rejects requests with non-existant URLs as invalid HTTP syntax
during parsing. There is no DNS involved there.

I assume you mean the URL has a unregistered domain name and the
requests are coming in with a great many different domains?

Reverse-proxy requests should have 0 DNS usage. Forward-proxy should
only need DNS after accepting a request for relay. There are some
exceptions to that, but most networks will fit that generalization. It
is achieved by reverse-proxy using dstdomain ACLs, and forward-proxy
using src client IP or proxy_auth login credentials to determin traffic
acceptance. DNS is not involved in any of those ACL types.

This small alteration (adding localnet filter) to the basic
reverse-proxy config should stop those requests no DNS involved:

   # reverse-proxy rules
   acl localdomains dstdomain
   http_access allow localdomains
   http_access deny !localnet

   # ... other forward-proxy rules...

Also; If you have "dst" in the reverse-proxy allow rules, change it to
dstdomain and DNS load should vanish.

Received on Mon Jun 04 2012 - 11:42:46 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 05 2012 - 12:00:03 MDT