Hello Kevin,

On 28.08.20 at 11:53, SerNet Support Kevin Ivory wrote:
[...]
> is there any way to extract only the data you need?
>
> All cases in my debug log (46 GB) seem to be of a POST
> that is logged in access.log as
> 2020-08-27 11:29:24 1243 172.16.100.3 TAG_NONE/500 3640 POST
> http://srv1.first-businesspost.com/viper? - HIER_NONE/- text/html
> The debug cache.log does contain SenderID= and Secret=
[...]
>>> The cache.log shows
>>> 2020/08/18 07:24:04 kid1| suspending ICAP service for too many failures
>>> 2020/08/18 07:24:04 kid1| essential ICAP service is suspended:
>>> icap://127.0.0.1:1344/service_scanner-reqmod [down,susp,fail11]

In order to debug the problem I need to understand how the failing ICAP service is related to your POST messages with internal server error 500. With debug_options ALL,9 there should be a line with error: or Error: before the ICAP service is suspended or something else that causes the ICAP service to fail.

Some internet search also suggests that TAG_NONE/500 errors could be completely unrelated to ICAP and indicate different issues like firewall problems etc. I would clone the customer's squid configuration and try to reproduce the bug on your debug vm or try to find out what all those 500 errors have in common.

Just to make sure that we are looking in the right direction, when you unapply CVE-2019-12523.patch now, is everything working normally again? I'm asking because there was another bug in CVE-2019-12529.patch that prevented in some cases the authentication of clients when the kerberos option was turned on. Rebuilding the squid package without those patches may help to narrow down the problem.

Regards,
Markus
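
Added example, not part of the original message or of Squid: one way to shrink a large `debug_options ALL,9` cache.log to the lines asked for above (the `error:`/`Error:` lines preceding each ICAP suspension) while masking `SenderID=` and `Secret=` values before the excerpt is shared. The function names, the window size, the assumed `name=value` form of the two parameters and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import deque

# Parameter names are from the thread; the name=value form is an assumption.
SECRET_RE = re.compile(r'\b(SenderID|Secret)=[^&\s"\']*')
# Markers named in the thread: error:/Error: lines and the suspension messages.
ERROR_RE = re.compile(r'\b[Ee]rror:')
SUSPEND_RE = re.compile(r'suspending ICAP service|ICAP service is suspended')


def redact(line):
    """Replace SenderID=/Secret= values with a fixed placeholder."""
    return SECRET_RE.sub(r'\1=<redacted>', line)


def extract_icap_context(lines, window=50):
    """Yield redacted error lines that precede each ICAP suspension message.

    Only the last `window` error lines are kept in memory, so a
    multi-gigabyte cache.log can be streamed line by line.
    """
    recent_errors = deque(maxlen=window)
    for raw in lines:
        line = raw.rstrip('\n')
        if SUSPEND_RE.search(line):
            yield from recent_errors   # errors leading up to the suspension
            recent_errors.clear()
            yield redact(line)
        elif ERROR_RE.search(line):
            recent_errors.append(redact(line))


# Constructed sample lines; only the two suspension messages mirror the thread.
SAMPLE = [
    '2020/08/18 07:23:58 kid1| constructed: body SenderID=4711&Secret=hunter2',
    '2020/08/18 07:24:01 kid1| constructed: Error: adaptation failed for '
    '/viper?SenderID=4711&Secret=hunter2',
    '2020/08/18 07:24:02 kid1| constructed: unrelated debug noise',
    '2020/08/18 07:24:04 kid1| suspending ICAP service for too many failures',
    '2020/08/18 07:24:04 kid1| essential ICAP service is suspended: '
    'icap://127.0.0.1:1344/service_scanner-reqmod [down,susp,fail11]',
]

if __name__ == '__main__':
    src = open(sys.argv[1], errors='replace') if len(sys.argv) > 1 else SAMPLE
    print('\n'.join(extract_icap_context(src)))
```

Run with the path to cache.log as the only argument; review the output before sending it, since secrets logged in a form other than `name=value` are not masked.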