as i speak right now, one of my site is under ddos attack but the rsfirewall doesn't seem to be able to identified that.

after some checking and i find that the rsfirewall is actually capturing the squid ip instead of the actual visitor ip address.

is there any way to handle the Squid in order for the rsfirewall to captured real ip addresses?

www.squid-cache.org/

Throw in suggestion. Thanks.

Hello,

Most operating system have a built in DOS protection. RSFirewall! tries to protect against such types of attacks by verifying the user agent against a known list (or by a user agent absence).

It can only detect the end user that performs the request (in this case the actual DOS) - basically a proxy. What is beyond the proxy the server (the IP that is actually performing this) is rather out of reach.

alexp wrote:
is this mean that, rsfirewall is useless for my situation where my site is hide behind the squid/proxy?