On 08/07/11 02:36, Carlos Manuel Trepeu Pupo wrote:
Hi! I'm using squid 3.0 STABLE1. Here are my delay_pool in the squid.conf
acl enterprise src 10.10.10.2/32
acl bad_guys src 10.10.10.52/32
acl dsl_bandwidth src 10.10.48.48/32
delay_pools 3
delay_class 1 1
delay_parameters 1 25600/25600
delay_access 1 allow bad_guys
delay_access 1 deny all
delay_class 2 1
delay_parameters 2 65536/65536
delay_access 2 allow enterprise
delay_access 2 deny all
delay_class 3 1
delay_parameters 3 10240/10240
delay_access 3 allow dsl_bandwidth
delay_access 3 deny all
I think everything was right, but since yesterday I see "bad_guys"
downloading from youtube using all my bandwidth !! I have a channel of
128 Kb in technology ATM. So I hope you can help me !!!!!!!
step 1) please verify that a recent release still has this problem.
3.0.STABLE1 was obsoleted years ago.
step 2) check for things like follow_x_forwarded_for allowing them to
fake their source address. 3.0 series did not check this properly and
allows people to trivially bypass any IP-based security if you trust
that header.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.9
