
Question:

How do you deal with TCP_MISS/000 problems?

 

Answer:

Automatically firewall a client at the proxy when it is found to be using
very many connections. This can be done with a combination of a maxconn acl
and external_acl_type.

This needs a moderate amount of scripting to write the external_acl_type
helper which firewalls the client, but not much.

acl very_many_connections maxconn 50
external_acl_type firewall_client %SRC /path/to/helper
acl firewall_client external firewall_client

http_access deny very_many_connections firewall_client

You can also have a small program monitor access.log and automatically
firewall clients causing very many TCP_MISS/000 entries. This is
probably simpler and more reliable, but requires a little more scripting
(still only a moderate amount). Perl using the File::Tail module is
recommended for the job.
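
An example of the access.log monitor described in the last paragraph, added here and not part of the original answer. It is written in Python rather than the recommended Perl/File::Tail, assumes Squid's native access.log format, and the 60-second window, the threshold of 20 and the `block` callback (where the firewall rule would be applied) are assumed values.

```python
from collections import defaultdict, deque

def parse_line(line):
    """Return (timestamp, client_ip, result_code) from a native-format line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return float(fields[0]), fields[2], fields[3]
    except ValueError:
        return None

class MissZeroMonitor:
    def __init__(self, window=60, threshold=20, block=None):
        # window (seconds) and threshold are assumed values; tune them for your site
        self.window, self.threshold = window, threshold
        self.block = block or (lambda ip: None)   # hypothetical hook: apply firewall rule here
        self.hits = defaultdict(deque)            # client IP -> recent TCP_MISS/000 timestamps
        self.blocked = set()

    def feed(self, line):
        """Process one log line; return the client IP if this line triggered a block."""
        parsed = parse_line(line)
        if parsed is None or parsed[2] != "TCP_MISS/000" or parsed[1] in self.blocked:
            return None
        ts, ip, _ = parsed
        recent = self.hits[ip]
        recent.append(ts)
        while recent[0] < ts - self.window:       # drop entries older than the window
            recent.popleft()
        if len(recent) < self.threshold:
            return None
        self.blocked.add(ip)
        del self.hits[ip]
        self.block(ip)
        return ip

def scan(lines, **options):
    """Run a monitor over an iterable of log lines and return the blocked clients."""
    monitor = MissZeroMonitor(**options)
    for line in lines:
        monitor.feed(line)
    return sorted(monitor.blocked)

def sample_log():
    """Constructed native-format lines: a burst, a normal client, a slow trickle."""
    row = "{:.3f} {} {} {} {} GET http://example.com/ - DIRECT/198.51.100.7 -".format
    out = []
    for i in range(25):
        out += [row(1000 + i, 30000, "192.0.2.10", "TCP_MISS/000", 0),
                row(1000 + i, 120, "192.0.2.20", "TCP_MISS/200", 5120),
                row(1000 + i * 10, 30000, "192.0.2.30", "TCP_MISS/000", 0)]
    return out
```

Feed it lines from a follower of access.log (the role File::Tail plays in Perl) and pass a `block` callable that applies the firewall rule; each client is passed to `block` only once.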