I run a proxy server with Squid and I've just got a report that a user of mine tried a DDoS using my proxy. How can I block such requests? E.g.: allow a maximum of just 5 requests to the same domain in the same minute?

LATER EDIT: max 5 requests per minute for the same URL

mazgalici

2 Answers

Are you sure it was someone from inside your organization? If your proxy is accessible and usable from the Internet, anyone in the world could be using it to do whatever they please.

If it was indeed one of your users, you should probably take steps to remove their access to your network.

As for the 5 requests per minute: That would make it completely unusable.

Hyppy

Use OpenDNS (http://www.opendns.com/) as the DNS server for your proxy: it has automatic blocking & detection of botnets and similar problems. Probably you have some kind of infection on the PC we're talking about. With a free account you'd also get the chance to do some nice web filtering and stats work.

Using Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) + SUPERAntiSpyware (http://www.superantispyware.com/download.html) solved all my similar problems, and both have free versions.

If (this could be the other case) the user is aware of trying a DDoS attack, just talk with him first and then with the boss. Nothing works better than that.

As for the 5 requests per minute: That would make it completely unusable.

I do totally agree, @Hyppy. :)

Pitto
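
A log-review sketch for the limit asked about in the question (more than 5 requests per minute for the same URL) and for the first answer's point about who is actually using the proxy. It is an added example, not part of any post on this page; it assumes Squid's native access.log format, and the sample log lines, the internal address ranges and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

THRESHOLD = 5  # limit from the question: max 5 requests per minute per URL
# Assumption: address ranges this proxy's legitimate clients come from.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def _line(ts, client, url):
    # Squid native format: time elapsed client action/code bytes method URL ident peer type
    return f"{ts}.000 12 {client} TCP_MISS/200 512 GET {url} - HIER_DIRECT/192.0.2.10 text/html"

# Constructed sample log (not real traffic); all timestamps fall in one minute.
SAMPLE_LOG = "\n".join(
    [_line(1700000040 + 5 * i, "192.168.0.68", "http://target.example/") for i in range(8)]
    + [_line(1700000040 + 9 * i, "203.0.113.7", "http://target.example/") for i in range(6)]
    + [_line(1700000040 + 10 * i, "192.168.0.20", "http://news.example/") for i in range(5)]
    + ["truncated line"]
)

def parse_line(line):
    """Return (epoch_seconds, client, url), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return float(fields[0]), fields[2], fields[6]
    except ValueError:
        return None

def is_internal(client, nets=INTERNAL_NETS):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in nets)

def find_bursts(log_text, threshold=THRESHOLD):
    """Flag (client, URL) pairs with more than `threshold` requests in a clock minute."""
    counts = Counter()
    for rec in map(parse_line, log_text.splitlines()):
        if rec is not None:
            ts, client, url = rec
            # Fixed one-minute buckets: a burst straddling a boundary is split in two.
            counts[(client, url, int(ts // 60))] += 1
    return [
        {"client": c, "url": u, "minute_start": m * 60, "count": n, "internal": is_internal(c)}
        for (c, u, m), n in sorted(counts.items()) if n > threshold
    ]
```

A flagged entry with `internal` set to false means the proxy is answering clients outside the expected ranges, which is the open-proxy situation the first answer asks about.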