[squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

2008-12-17 Thread Gregory Machin
Hi
A client of ours needs to access a website that uses WWW-Authenticate:
NTLM, but squid does not pass it through to the browser. The squid
version is Squid Cache: Version 2.6.STABLE13
What's the workaround for this?
Thanks


RE: [squid-users] time format of error page

2008-12-17 Thread Sameer Shinde


> Date: Thu, 18 Dec 2008 11:58:04 +1300
> Subject: RE: [squid-users] time format of error page
> From: squ...@treenet.co.nz
> To: s2sam...@hotmail.com
> CC: squ...@treenet.co.nz; squid-users@squid-cache.org
>
>>
>> Amos,
>>
>>> Okay. How exactly are you configuring Squid to use it?
>>
>> I've created a simple html web-site running in apache2 in the same server.
>> I'm using squidguard to block the sites & if someone access
>> these sites, it redirects the users to this website. Now I want to
>> display this message (Generated on.), in this web-page. So that I can
>> give the squid touch to this web-page & looks more realistic.
>
> Ah, okay. Right.
>
> Those format codes will only work on internally formatted error pages
> generated by squid itself. It's possible to add the page as a template in
> the errors directory and load it through Squid. I thought that was what
> you were doing when you asked for the formats.
>
> For remotely generated pages (deny_info, redirects, etc) you will need
> some javascript or other dynamic code to create the text where the % codes
> are.
> You know already what the final result needs to look like.
>
> Amos

Somewhere down the line, I was also thinking the same, that either I'll have
to do some kind of java or php scripting for that. I just didn't want to do
java scripting, as sometimes people block java scripting; also it gives
compatibility issues when checked with Firefox and IE.
So I thought of using the same squid lingo, as it's inbuilt & ready for my use
along with squid.
But no.. I have to do scripting.

>> ~~~
>> Thanks & Regards,
>> Sameer Shinde.
>> Sr. Customer Support Engineer,
>> Email:- s2sam...@hotmail.com
>> M:- +91 98204 61580
>> http://www.geocities.com/s9sameer
>> If everyone is thinking alike, then somebody isn't thinking.
>>
>> 
>>> Date: Wed, 17 Dec 2008 13:07:35 +1300
>>> From: squ...@treenet.co.nz
>>> To: s2sam...@hotmail.com
>>> CC: squid-users@squid-cache.org
>>> Subject: Re: [squid-users] time format of error page
>>>
>>> Sameer Shinde wrote:
>>>> Amos,
>>>>
>>>> I added up this line in my mywon.html file but it didn't work.
>>>> The line format is: "Generated %T by %h (%s)"
>>>>
>>>> I wanted to add the code in mywon.html file, so that whenever this page
>>>> gets opened
>>>> it will show me the following contents
>>>>>> "Generated Tue, 16 Dec 2008 09:19:14 GMT by localhost
>>>>>> (squid/3.0.STABLE1)"
>>>>
>>>
>>> Okay. How exactly are you configuring Squid to use it?
>>>
>>> Amos
>>>
>>>>
>>>>> Date: Tue, 16 Dec 2008 22:56:52 +1300
>>>>> From: squ...@treenet.co.nz
>>>>> To: s2sam...@hotmail.com
>>>>> CC: squid-users@squid-cache.org
>>>>> Subject: Re: [squid-users] time format of error page
>>>>>
>>>>> Sameer Shinde wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> Whenever there is any error or any requested page does not get
>>>>>> accessed, squid throws
>>>>>> messages, with which there is last line saying like this,
>>>>>>
>>>>>> "Generated Tue, 16 Dec 2008 09:19:14 GMT by localhost
>>>>>> (squid/3.0.STABLE1)"
>>>>>>
>>>>>> Can any one let me know what is the code to generate this line, as I
>>>>>> want to add this
>>>>>> in a customized web-page which shows after restrictions.
>>>>>> Also If you see, this line shows the time in GMT format, which I want
>>>>>> to show in local time format.
>>>>>> How to go about it?
>>>>>> If you change the log time format, I'm in doubt, whether it will
>>>>>> change this time or not, as It will
>>>>>> only change the time format in the log, not of this page.
>>>>>>
>>>>>> Anyone, Any hints, welcome.
>>>>> The line format is: "Generated %T by %h (%s)"
>>>>>
>>>>> The timestamp %T is an RFC 1123 standard time format. The HTTP RFC
>>>>> requires it to be international with GMT label.
>>>>>
>>>>> For local time use %t which writes a time in common log format.
>>>>>
>>>>> Amos
>>>>> --
>>>>> Please be using
>>>>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>>>>> Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

>>>
>>>
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>>> Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1



Re: [squid-users] how to append to the requests to origin

2008-12-17 Thread Evuraan::ഏവൂരാന്‍
Thanks for the response.

The idea is to make entries in origin's access log easily
distinguishable and useful. The prototype I have is as follows:

Anything from my squids to their origin servers should have a
"Bill-To" header, something like,

~$ curl -v http://192.168.1.100/index.html -o /dev/null --header "Bill-To:Western" --silent
* About to connect() to 192.168.1.100 port 80 (#0)
*   Trying 192.168.1.100... connected
* Connected to 192.168.1.100 (192.168.1.100) port 80 (#0)
 GET /index.html HTTP/1.1
 User-Agent: curl/7.16.4
 Host: 192.168.1.100
 Accept: */*
 Accept-Encoding: deflate, gzip
 Bill-To:Western <--

The origin server would then log it in its access log as:

Bill-To:Western host:192.168.1.100 virt:127.0.1.1 


Thx../


2008/12/17 Amos Jeffries :
>> Greetings,
>>
>> I've squid running in non-transparent mode. On a MISS, when it makes
>> requests to the origin, how can something else be passed along with
>> that request? Like a custom signature header? %{Foobar}i or even
>> something like:
>>
>> http.setHeader("X-Pew-Pew:Blah-blah-1")
>>
>> thx.!
>>
>
> Define "something" please.
> There are many ways of changing requests. Some are possible some are not.
>
> Amos
>
>


Re: [squid-users] More access.log questions

2008-12-17 Thread Wilson Hernandez - MSD, S. A.

Amos.

Yes, I meant cache.log NOT access.log sorry for the confusion.

I will remove extension_methods from squid.conf

I won't be able to stop transparent interception because I don't want to
go to every clients' sites to change their configurations.


Will this keep the cache "CLEAN"?

Hope it works.

Amos Jeffries wrote:
>> Amos.
>>
>> Thanks for replying. After reviewing this access.log file section, is
>> squid working correctly or are there any adjustments I need to make to
>> make it run more smoothly?
>
> Did you even read that page on the logs? access.log has nothing to do with
> what you are talking about. If your squid.conf names them wrongly please
> correct that. Using the correct names for logs is important for
> communication.
>
> Your squid is dying regularly on some very fatal errors.
> You can do one of two things to fix it:
>   The previous behavior of blocking 'NICK' requests. (remove
> extension_methods again)
>  Or stop doing transparent interception of traffic.
>
> Amos
>
>> Amos Jeffries wrote:
>>> w...@msdrd.com wrote:
>>>> Hello.
>>>>
>>>> Guys, sorry to post so many questions regarding access.log but, I'm
>>>> trying to understand what is squid actually doing and if is working
>>>> correctly. I don't understand what all the stuff in the access.log file
>>>> are. I check the log everyday. I see something different every time I
>>>> check. Below is the latest on access.log and I don't understand why the
>>>> cache now is "DIRTY", what is assertion failed, 1 swapin MD5
>>>> mismatches,
>>>> WARNING: newer swaplog entry for dirno 0, fileno 013B, and all
>>>> those
>>>> weird characters at the end of the log:
>>>> 008.LMP%C2%BB%C2%A6%C2%AB_A.zip?Cache'
>>>> Ì«* 2008 14:02:37 GMT}ARNING: suspicious CR characters in HTTP header
>>>> {Date: Tue, 16 ð@
>>>>
>>>> Please help me understand what's going on.
>>>
>>> Well for starters. The access.log does not contain that kind of info.
>>> That stuff should be in the cache.log with the rest of the debug and
>>> administration information.
>>>
>>> The FAQ has a good detailed explanation of what the logs do and
>>> contain...
>>> http://wiki.squid-cache.org/SquidFaq/SquidLogs
>>>
>>>>
>>>> Thanks in advance.
>>>>
>>>> 2008/12/15 19:26:19| WARNING: 1 swapin MD5 mismatches
>>>
>>> Some data received does not match a validity check that it should.
>>> Probably corrupted data in the disk cache attempting to load.
>>>
>>>> 2008/12/15 21:16:13| WARNING: HTTP header contains NULL characters
>>>
>>> A client sent Squid an invalid HTTP request. It's being dropped.
>>>
>>>> {Host: digdug.divxnetworks.com
>>>> responseType: text/xml
>>>> User-Agent: DivX Player 2.0
>>>> Cookie:
>>>> GUID=}
>>>> 2008/12/15 21:41:20| WARNING: 10 swapin MD5 mismatches
>>>
>>> A total of 10 objects have now been found to be corrupt.
>>>
>>>> 2008/12/15 22:06:28| assertion failed: client_side.cc:2479:
>>>> "conn->in.abortedSize == (size_t)conn->bodySizeLeft()"
>>>
>>> Squid crashing with received data causing memory or state corruption
>>> somewhere.
>>>
>>>> 2008/12/15 22:06:31| Extension method 'NICK' added, enum=27
>>>> 2008/12/15 22:06:31| Starting Squid Cache version 3.0.PRE5 for
>>>> i486-pc-linux-gnu...
>>>> 2008/12/15 22:06:31| Process ID 5075
>>>> 2008/12/15 22:06:31| With 1024 file descriptors available
>>>> 2008/12/15 22:06:31| DNS Socket created at 0.0.0.0, port 38826, FD 8
>>>> 2008/12/15 22:06:31| Adding nameserver 200.42.213.11 from squid.conf
>>>> 2008/12/15 22:06:31| Adding nameserver 200.42.213.21 from squid.conf
>>>> 2008/12/15 22:06:31| Unlinkd pipe opened on FD 13
>>>> 2008/12/15 22:06:31| Swap maxSize 10240 KB, estimated 7876923
>>>> objects
>>>> 2008/12/15 22:06:31| Target number of buckets: 393846
>>>> 2008/12/15 22:06:31| Using 524288 Store buckets
>>>> 2008/12/15 22:06:31| Max Mem  size: 102400 KB
>>>> 2008/12/15 22:06:31| Max Swap size: 10240 KB
>>>> 2008/12/15 22:06:31| Rebuilding storage in /var/log/squid/cache (DIRTY)
>>>
>>> Squid crashed earlier before completing its slow cache validation check.
>>> That caused the swap.state journal to be out of sync with the cache,
>>> corrupt or missing. Turning to paranoid and re-building indexes from a
>>> full raw object scan.
>>>
>>>> 2008/12/15 22:06:31| Using Least Load store dir selection
>>>> 2008/12/15 22:06:31| Current Directory is /
>>>> 2008/12/15 22:06:31| Loaded Icons.
>>>> 2008/12/15 22:06:31| Accepting transparently proxied HTTP connections
>>>> at
>>>> 192.168.2.1, port 3128, FD 15.
>>>> 2008/12/15 22:06:31| HTCP Disabled.
>>>> 2008/12/15 22:06:31| WCCP Disabled.
>>>> 2008/12/15 22:06:31| Ready to serve requests.
>>>> 2008/12/15 22:06:32| Store rebuilding is  1.5% complete
>>>> 2008/12/15 22:06:47| Store rebuilding is 30.2% complete
>>>> 2008/12/15 22:06:50| WARNING: newer swaplog entry for dirno 0, fileno
>>>> 0062
>>>> 2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
>>>> 0132
>>>> 2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
>>>> 0135
>>>
>>> 3 files have been found to differ between the journal and what's actually
>>> in cache.
>>>
>>>> 2008/12/15 22:07:02| Store rebuilding is 74.0% complete
>>>> 2008/12/15 22:07:13| Done reading /var/log/squid/cache swaplog (271062
>>>> entries)
>>>> 2008/12/15 22:07:13| Finished rebuilding storage from disk.
>>>> 2008/12/15 22:07:13|268975 Entries scanned
>>>> 2008/12/15 22:07:13| 0 Invalid

RE: [squid-users] winbind directories permissions issue

2008-12-17 Thread Amos Jeffries
>
>>
>>>> ...
>>>> Amos
>>>>
>>>> I made some cut from our previous posts to avoid any confusion.
>>>>
>>>>> Sorry I haven't had much to do with winbind than we have already
>>>>> tried.
>>>>> you are the first I've seen where these fixes have not worked.
>>>>>
>>>>> Can you get a full "ls -la" trace of the directory content and
>>>>> permissions at a time where it's working, and one where it's not?
>>>>> Also a list of the squid user name and the groups names it belongs to.
>>>>
>>>> $ egrep 'squid|winbin' /etc/passwd /etc/group
>>>> /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
>>>> /etc/group:squidg::1560:
>>>> /etc/group:winbind:::squid
>>>>
>>>> Below what happened on one of my machine .. sbepskdd.
>>>>
>>>> some minutes before the bug occured ..
>>>>
>>>> $ ls -nai /var/lib/samba
>>>> total 121612
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>>> 162448 -rw-r-   1 08192 Dec 15 04:14 gencache.tdb
>>>> 162450 -rw-r-   1 0 696 Nov 17 19:39 idmap_cache.tdb
>>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
>>>> 162451 -rw-r-   1 08192 Dec 14 22:06 messages.tdb
>>>> 162454 -rw-r-   1 0 62144512 Dec 15 08:41 netsamlogon_cache.tdb
>>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14 smb_krb5
>>>> 162453 -rw---   1 00  57344 Nov 25 06:49 winbindd_cache.tdb
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 winbindd_privileged
>>>>
>>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>>> total 4
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe
>>>>
>>>> when SQUID is still running but the bug is happening ..
>>>>
>>>> $ ls -nai /var/lib/samba
>>>> total 122140
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>>> 162448 -rw-r-   1 08192 Dec 15 04:14 gencache.tdb
>>>> 162450 -rw-r-   1 0 696 Nov 17 19:39 idmap_cache.tdb
>>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
>>>> 162451 -rw-r-   1 08192 Dec 14 22:06 messages.tdb
>>>> 162454 -rw-r-   1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb
>>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14 smb_krb5
>>>> 162453 -rw---   1 00  57344 Nov 25 06:49 winbindd_cache.tdb
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 winbindd_privileged
>>>>
>>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>>> total 4
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe
>>>>
>>>> just after restart of SQUID process ..
>>>>
>>>> $ ls -nai /var/lib/samba
>>>> total 122140
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>>> 162448 -rw-r-   1 08192 Dec 15 04:14 gencache.tdb
>>>> 162450 -rw-r-   1 0 696 Nov 17 19:39 idmap_cache.tdb
>>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
>>>> 162451 -rw-r-   1 08192 Dec 14 22:06 messages.tdb
>>>> 162454 -rw-r-   1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb
>>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14 smb_krb5
>>>> 162453 -rw---   1 00  57344 Nov 25 06:49 winbindd_cache.tdb
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 winbindd_privileged
>>>>
>>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>>> total 4
>>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe
>>>>
>>>> Now another notice, I made a change last Tuesday on another SQUID server
>>>> and this seems working almost one week ..
>>>>
>>>> $ ls -nai /var/lib/samba
>>>> total 78156
>>>> 342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
>>>>  66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
>>>> 342930 -rw-r--r--   1 08192 Dec 15 04:22 gencache.tdb
>>>> 342932 -rw-r--r--   1 0 696 N

Re: [squid-users] how to append to the requests to origin

2008-12-17 Thread Amos Jeffries
> Greetings,
>
> I've squid running in non-transparent mode. On a MISS, when it makes
> requests to the origin, how can something else be passed along with
> that request? Like a custom signature header? %{Foobar}i or even
> something like:
>
> http.setHeader("X-Pew-Pew:Blah-blah-1")
>
> thx.!
>

Define "something" please.
There are many ways of changing requests. Some are possible some are not.

Amos



Re: [squid-users] More access.log questions

2008-12-17 Thread Amos Jeffries
> Amos.
>
> Thanks for replying. After reviewing this access.log file section, is
> squid working correctly or are there any adjustments I need to make to
> make it run more smoothly?

Did you even read that page on the logs? access.log has nothing to do with
what you are talking about. If your squid.conf names them wrongly please
correct that. Using the correct names for logs is important for
communication.

Your squid is dying regularly on some very fatal errors.
You can do one of two things to fix it:
  The previous behavior of blocking 'NICK' requests. (remove
extension_methods again)
 Or stop doing transparent interception of traffic.

Amos

>
>
>
> Amos Jeffries wrote:
>> w...@msdrd.com wrote:
>>> Hello.
>>>
>>> Guys, sorry to post so many questions regarding access.log but, I'm
>>> trying to understand what is squid actually doing and if is working
>>> correctly. I don't understand what all the stuff in the access.log file
>>> are. I check the log everyday. I see something different every time I
>>> check. Below is the latest on access.log and I don't understand why the
>>> cache now is "DIRTY", what is assertion failed, 1 swapin MD5
>>> mismatches,
>>> WARNING: newer swaplog entry for dirno 0, fileno 013B, and all
>>> those
>>> weird characters at the end of the log:
>>> 008.LMP%C2%BB%C2%A6%C2%AB_A.zip?Cache'
>>> Ì«* 2008 14:02:37 GMT}ARNING: suspicious CR characters in HTTP header
>>> {Date: Tue, 16 ð@
>>>
>>> Please help me understand what's going on.
>>
>> Well for starters. The access.log does not contain that kind of info.
>> That stuff should be in the cache.log with the rest of the debug and
>> administration information.
>>
>> The FAQ has a good detailed explanation of what the logs do and
>> contain...
>> http://wiki.squid-cache.org/SquidFaq/SquidLogs
>>
>>>
>>> Thanks in advance.
>>>
>>>
>>>
>>> 2008/12/15 19:26:19| WARNING: 1 swapin MD5 mismatches
>>
>> Some data received does not match a validity check that it should.
>> Probably corrupted data in the disk cache attempting to load.
>>
>>
>>> 2008/12/15 21:16:13| WARNING: HTTP header contains NULL characters
>>
>> A client sent Squid an invalid HTTP request. It's being dropped.
>>
>>> {Host: digdug.divxnetworks.com
>>> responseType: text/xml
>>> User-Agent: DivX Player 2.0
>>> Cookie:
>>> GUID=}
>>> 2008/12/15 21:41:20| WARNING: 10 swapin MD5 mismatches
>>
>> A total of 10 objects have now been found to be corrupt.
>>
>>> 2008/12/15 22:06:28| assertion failed: client_side.cc:2479:
>>> "conn->in.abortedSize == (size_t)conn->bodySizeLeft()"
>>
>> Squid crashing with received data causing memory or state corruption
>> somewhere.
>>
>>> 2008/12/15 22:06:31| Extension method 'NICK' added, enum=27
>>> 2008/12/15 22:06:31| Starting Squid Cache version 3.0.PRE5 for
>>> i486-pc-linux-gnu...
>>> 2008/12/15 22:06:31| Process ID 5075
>>> 2008/12/15 22:06:31| With 1024 file descriptors available
>>> 2008/12/15 22:06:31| DNS Socket created at 0.0.0.0, port 38826, FD 8
>>> 2008/12/15 22:06:31| Adding nameserver 200.42.213.11 from squid.conf
>>> 2008/12/15 22:06:31| Adding nameserver 200.42.213.21 from squid.conf
>>> 2008/12/15 22:06:31| Unlinkd pipe opened on FD 13
>>> 2008/12/15 22:06:31| Swap maxSize 10240 KB, estimated 7876923
>>> objects
>>> 2008/12/15 22:06:31| Target number of buckets: 393846
>>> 2008/12/15 22:06:31| Using 524288 Store buckets
>>> 2008/12/15 22:06:31| Max Mem  size: 102400 KB
>>> 2008/12/15 22:06:31| Max Swap size: 10240 KB
>>> 2008/12/15 22:06:31| Rebuilding storage in /var/log/squid/cache (DIRTY)
>>
>> Squid crashed earlier before completing its slow cache validation check.
>> That caused the swap.state journal to be out of sync with the cache,
>> corrupt or missing. Turning to paranoid and re-building indexes from a
>> full raw object scan.
>>
>>> 2008/12/15 22:06:31| Using Least Load store dir selection
>>> 2008/12/15 22:06:31| Current Directory is /
>>> 2008/12/15 22:06:31| Loaded Icons.
>>> 2008/12/15 22:06:31| Accepting transparently proxied HTTP connections
>>> at
>>> 192.168.2.1, port 3128, FD 15.
>>> 2008/12/15 22:06:31| HTCP Disabled.
>>> 2008/12/15 22:06:31| WCCP Disabled.
>>> 2008/12/15 22:06:31| Ready to serve requests.
>>> 2008/12/15 22:06:32| Store rebuilding is  1.5% complete
>>> 2008/12/15 22:06:47| Store rebuilding is 30.2% complete
>>> 2008/12/15 22:06:50| WARNING: newer swaplog entry for dirno 0, fileno
>>> 0062
>>> 2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
>>> 0132
>>> 2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
>>> 0135
>>
>> 3 files have been found to differ between the journal and what's actually
>> in cache.
>>
>>> 2008/12/15 22:07:02| Store rebuilding is 74.0% complete
>>> 2008/12/15 22:07:13| Done reading /var/log/squid/cache swaplog (271062
>>> entries)
>>> 2008/12/15 22:07:13| Finished rebuilding storage from disk.
>>> 2008/12/15 22:07:13|268975 Entries scanned
>
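
Added example (not part of the original thread): a Python triage of the cache.log excerpt quoted above, grouping entries the way Amos explains them (corrupt cache objects, invalid client requests, the assertion crash and the DIRTY rebuild that follows it). The function names and the 60-second restart window are assumptions of this example; the sample is the thread's own log lines with the mail wrapping left in.

```python
import re
from datetime import datetime

# Lines copied from the cache.log quoted in the thread, including the mail
# client's wrapping (e.g. "fileno" and "0062" on separate physical lines).
SAMPLE_LOG = r'''2008/12/15 19:26:19| WARNING: 1 swapin MD5 mismatches
2008/12/15 21:16:13| WARNING: HTTP header contains NULL characters
{Host: digdug.divxnetworks.com
responseType: text/xml
User-Agent: DivX Player 2.0
Cookie:
GUID=}
2008/12/15 21:41:20| WARNING: 10 swapin MD5 mismatches
2008/12/15 22:06:28| assertion failed: client_side.cc:2479:
"conn->in.abortedSize == (size_t)conn->bodySizeLeft()"
2008/12/15 22:06:31| Extension method 'NICK' added, enum=27
2008/12/15 22:06:31| Starting Squid Cache version 3.0.PRE5 for
i486-pc-linux-gnu...
2008/12/15 22:06:31| Rebuilding storage in /var/log/squid/cache (DIRTY)
2008/12/15 22:06:31| Ready to serve requests.
2008/12/15 22:06:50| WARNING: newer swaplog entry for dirno 0, fileno
0062
2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
0132
2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
0135
2008/12/15 22:07:13| Finished rebuilding storage from disk.
'''

STAMP = re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|\s?(.*)$')

def parse_entries(text):
    """Group physical lines into (timestamp, message) entries.

    A line without a leading "YYYY/MM/DD HH:MM:SS|" stamp (wrapped text or a
    dumped HTTP header) is treated as a continuation of the previous entry.
    """
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), '%Y/%m/%d %H:%M:%S')
            entries.append([ts, m.group(2).strip()])
        elif entries and line.strip():
            entries[-1][1] += ' ' + line.strip()
    return [tuple(e) for e in entries]

# One pattern per message type explained in the thread.
RULES = [
    ('md5_mismatch', re.compile(r'WARNING: (\d+) swapin MD5 mismatches')),
    ('invalid_request', re.compile(r'HTTP header contains NULL characters')),
    ('assertion', re.compile(r'assertion failed: (\S+?):(\d+):')),
    ('startup', re.compile(r'Starting Squid Cache version (\S+)')),
    ('rebuild', re.compile(r'Rebuilding storage in (\S+) \((\w+)\)')),
    ('swaplog_newer', re.compile(r'newer swaplog entry for dirno (\d+), fileno (\w+)')),
]

def triage(text, restart_window=60):
    """Summarise a cache.log: corruption, bad requests, crashes, rebuilds."""
    report = {'md5_mismatches': 0, 'invalid_requests': 0, 'crashes': [],
              'dirty_rebuilds': [], 'swaplog_conflicts': []}
    for ts, msg in parse_entries(text):
        for kind, rx in RULES:
            m = rx.search(msg)
            if not m:
                continue
            if kind == 'md5_mismatch':
                # The thread reads this number as a running total: keep the max.
                report['md5_mismatches'] = max(report['md5_mismatches'],
                                               int(m.group(1)))
            elif kind == 'invalid_request':
                report['invalid_requests'] += 1
            elif kind == 'assertion':
                report['crashes'].append({'at': ts,
                                          'where': f'{m.group(1)}:{m.group(2)}',
                                          'restarted_after_s': None})
            elif kind == 'startup' and report['crashes']:
                # A start-up banner shortly after an assertion means the
                # process died and was restarted.
                crash = report['crashes'][-1]
                gap = (ts - crash['at']).total_seconds()
                if crash['restarted_after_s'] is None and gap <= restart_window:
                    crash['restarted_after_s'] = int(gap)
            elif kind == 'rebuild' and m.group(2) == 'DIRTY':
                report['dirty_rebuilds'].append(m.group(1))
            elif kind == 'swaplog_newer':
                report['swaplog_conflicts'].append((int(m.group(1)), m.group(2)))
            break
    return report

if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```
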

Re: [squid-users] SquidNT 2.6 Stable 16 - Uploading Files Problem

2008-12-17 Thread Amos Jeffries
> Hi,
>  *REPOST* Can anyone help me with this please?  Is there something in my
> squid.conf file that I need to change or is it a mime.conf problem? Sorry
> I dont have much of an idea of what to look for.  To recap, some people
> are having trouble uploading files using web based email or other websites
> that allow for files to be uploaded.
>
> I have quite a few of these lines:
> 2008/12/04 12:10:02| httpReadReply: Request not yet fully sent "POST
> http://xxx.xxx.xxx.xxx/xxxmoodle/files/index.php";
> Where xxx has been removed.
> I also have the following lines, but I dont think it's associated with
> that error:
> Warning: All url_rewriter processes are busy.
> Warning: Up to 8 pending requests queued.
> and
> Consider increases the number of url-rewriter processes to atleast 16 in
> your config file.
> Thanks,
> Adam
>

The re-writer overload may in fact be related to your problem as it will
halt all pending requests until the overflow queue has been cleared. It
needs fixing urgently anyway.

Also SquidNT is an obsolete experiment, and "Squid 2.6.stable16" is
getting old. Have you tried the newer release ACM Consulting have created?

Amos



[squid-users] how to append to the requests to origin

2008-12-17 Thread Evuraan::ഏവൂരാന്‍
Greetings,

I've squid running in non-transparent mode. On a MISS, when it makes
requests to the origin, how can something else be passed along with
that request? Like a custom signature header? %{Foobar}i or even
something like:

http.setHeader("X-Pew-Pew:Blah-blah-1")

thx.!


Re: Re: [squid-users] clientNatLookup: PF open failed: (13) Permissiondenied

2008-12-17 Thread Amos Jeffries
> [r...@sraid-server ~]# /home/squid/sbin/squid -v
> Squid Cache: Version 2.7.STABLE4
> configure options:  '--prefix=/home/squid' '--enable-dlmalloc'
> '--with-pthreads' '--enable-poll' '--disable-internal-dns'
> '--enable-stacktrace' '--enable-removal-policies=heap,lru'
> '--enable-delay-pools' '--enable-storeio=aufs,coss,diskd,ufs'
>
>
> 2008-12-17
>
>
>
> thematice
>
>
>
> From: Leslie Jensen
> Sent: 2008-12-17  15:33:56
> To: Amos Jeffries; Chris Robertson; squid-users
> CC:
> Subject: Re: [squid-users] clientNatLookup: PF open failed: (13)
> Permissiondenied
>
> Amos Jeffries skrev:
>> Chris Robertson wrote:
>>> Leslie Jensen wrote:
>>>> I'm running Squid-3.0.10 on FreeBSD 7.0-RELEASE-p4 with PF.
>>>>
>>>> I've noticed that in cache.log are a lot of entries as the one below
>>>>
>>>> clientNatLookup: PF open failed: (13) Permission denied
>>>>
>>>> I've found some information on the problem via Google.
>>>>
>>>> One is "start Squid as root". Squid is started via rc.conf so I think
>>>> that is sorted.
>>>>
>>>> There is a concern about rights on /dev/pf
>>>>
>>>> Finally there's some advice
>>>>
>>>> - snip -
>>>> If you are performing any kind of transparent interception with squid
>>>> you will need one of the --*-transparent options. Without it squid will
>>>> fail to correctly spoof the clients IP.
>>>> - snip -
>>>>
>>>> I do not fully understand where the "--*-transparent options" are to
>>>> be found. And if it's the solution to the problem.
>>>>
>>>> Will someone Please enlighten me?
>>>
>>> First, I don't know if it is the solution to the problem, but it's an
>>> easy thing to check...
>>>
>>> Run "/path/to/squid -v".  That will show what options squid was
>>> compiled with.  For example:
>>>
>>> -bash-3.00$ /home/squid2/bin/squid -v
>>> Squid Cache: Version 2.6.STABLE3
>>> configure options: '--bindir=/home/squid2/bin'
>>> '--sbindir=/home/squid2/bin' '--libexecdir=/home/squid2/bin'
>>> '--datadir=/home/squid2/etc' '--sysconfdir=/etc/squid'
>>> '--localstatedir=/home/squid2' '--mandir=/usr/man'
>>> '--enable-err-languages=English' '--enable-snmp' '--with-large-files'
>>> '--disable-ident-lookups' '--disable-useragent-log'
>>> '--disable-referer-log' '--enable-async-io' '--enable-epoll'
>>> -bash-3.00$
>>>
>>> If you don't see --enable-pf-transparent in that list, you are going
>>> to need to recompile.
>>>
>>
>> I believe the option is present. The line "PF open failed" should never
>> occur without it.
>>
>> The rc.conf may not necessarily be correct. Bug 2396 about PF
>> permissions, has only been fixed since 3.0.STABLE8.
>>
>> Amos
> Yes, it's there! Squid is working from what I can see but the error
> messages are of concern to me.

Yes, the NAT/FW table is not accessible to squid, so some of the controls
will be failing.

> Mine is Squid Cache: Version 3.0.STABLE10
> /Leslie
> -- snip ---
> :/usr/local/sbin/squid -v
> Squid Cache: Version 3.0.STABLE10
> configure options:  '--with-default-user=squid'

> '--enable-ipfw-transparent' '--enable-pf-transparent' '--enable-kqueue'

Did you check the rc.conf actions?

I see squid is also built with-default-user, that's the username your proxy
will set itself to run as by default after the startup root stuff is
finished.
Can we also have a look at the /dev/pf permissions and the group
membership of the squid user. (don't change any of that yet, I just think
it might be useful to know).

Amos




RE: [squid-users] time format of error page

2008-12-17 Thread Amos Jeffries
>
> Amos,
>
>> Okay. How exactly are you configuring Squid to use it?
>
> I've created a simple html web-site running in apache2 in the same server.
> I'm using squidguard to block the sites & if someone access
> these sites, it redirects the users to this website. Now  I want to
> display this message (Generated on.), in this web-page. So that I can
> give the squid touch to this web-page & looks more realistic.

Ah, okay. Right.

Those format codes will only work on internally formatted error pages
generated by squid itself. It's possible to add the page as a template in
the errors directory and load it through Squid. I thought that was what
you were doing when you asked for the formats.

For remotely generated pages (deny_info, redirects, etc) you will need
some javascript or other dynamic code to create the text where the % codes
are.
You know already what the final result needs to look like.

Amos


>
> ~~~
> Thanks & Regards,
> Sameer Shinde.
> Sr. Customer Support Engineer,
> Email:- s2sam...@hotmail.com
> M:- +91 98204 61580
> http://www.geocities.com/s9sameer
> If everyone is thinking alike, then somebody isn't thinking.
>
>
>
>
>
>
> 
>> Date: Wed, 17 Dec 2008 13:07:35 +1300
>> From: squ...@treenet.co.nz
>> To: s2sam...@hotmail.com
>> CC: squid-users@squid-cache.org
>> Subject: Re: [squid-users] time format of error page
>>
>> Sameer Shinde wrote:
>>> Amos,
>>>
>>> I added up this line in my mywon.html file but it didn't worked.
>>> The line format is: "Generated %T by %h (%s)"
>>>
>>> I wanted to add the code in mywon.html file, so that whenever this page
>>> gets opened
>>> it will show me the following contents
>>>>> "Generated Tue, 16 Dec 2008 09:19:14 GMT by localhost
>>>>> (squid/3.0.STABLE1)"
>>>
>>>
>>
>> Okay. How exactly are you configuring Squid to use it?
>>
>> Amos
>>
>>>
>>>
>>>
>>> 
>>>> Date: Tue, 16 Dec 2008 22:56:52 +1300
>>>> From: squ...@treenet.co.nz
>>>> To: s2sam...@hotmail.com
>>>> CC: squid-users@squid-cache.org
>>>> Subject: Re: [squid-users] time format of error page
>>>>
>>>> Sameer Shinde wrote:
>>>>> Hi All,
>>>>>
>>>>> Whenever there is any error or any requested page does not get
>>>>> accessed, squid throws
>>>>> messages, with which there is last line saying like this,
>>>>>
>>>>> "Generated Tue, 16 Dec 2008 09:19:14 GMT by localhost
>>>>> (squid/3.0.STABLE1)"
>>>>>
>>>>> Can any one let me know what is the code to generate this line, as I
>>>>> want to add this
>>>>> in a customized web-page which shows after restrictions.
>>>>> Also If you see, this line shows the time in GMT format, which I want
>>>>> to show in local time format.
>>>>> How to go about it?
>>>>> If you change the log time format, I'm in doubt, whether it will
>>>>> change this time or not, as It will
>>>>> only change the time format in the log, not of this page.
>>>>>
>>>>> Anyone, Any hints, welcome.
>>>> The line format is: "Generated %T by %h (%s)"
>>>>
>>>> The timestamp %T is an RFC 1123 standard time format. The HTTP RFC
>>>> requires it to be international with GMT label.
>>>>
>>>> For local time use %t which writes a time in common log format.
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>>>> Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
>>>
>>
>>
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>> Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
>




Re: [squid-users] Performance problems with 2.6.STABLE18

2008-12-17 Thread Adrian Chadd
2008/12/17 Mark Kent :

> I tried running under valgrind, and it found a couple of leaks, but I'm
> not sure that those are strictly the problem. If it were a "traditional"
> memory leak, where memory was just wandering off, I don't quite see why
> the CPU would climb along with the memory usage.

Grab oprofile and do some digging?


Adrian

>
> Mark.
>
>
>
> -----Original Message-----
> From: Kinkie [mailto:gkin...@gmail.com]
> Sent: Wednesday, December 17, 2008 4:50 PM
> To: Mark Kent
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Performance problems with 2.6.STABLE18
>
> On Wed, Dec 17, 2008 at 4:24 PM, Mark Kent wrote:
>>
>>  Hi,
>>
>>  I'm currently having a performance issue with Squid 2.6.STABLE18
>> (running on RHEL4). As I run traffic through the proxy, the memory
>> grows steadily, and apparently without limit. This increase in memory
>> usage is coupled with a steadily growing CPU usage, up to a point at
>> which a single core is saturated (97% usage at ~400MB of RSS). At this
>> point, the latency of requests increases. When the load is taken off
>> the proxy, the CPU returns to minimal usage, but the memory usage
>> sticks at the high water mark.
>>
>>  I should point out that I'm using squid for authentication only (HTTP
>> digest), not for caching. Consequently, I have maximum_object_size and
>> maximum_object_size_in_memory both set to 0 in the squid config file.
>> My understanding is that this should be sufficient to stop squid from
>> caching.
>>
>>  There's plenty of spare physical RAM on the machine, so it seems
>> unlikely that it's a memory shortage causing the performance problem.
>> My interpretation is that something has gotten too large for Squid to
>> handle but, without object caching, it's not clear to me what that
>> might be. I would blame the authentication cache, but there's only
>> 2000 different users.
>>
>>  Does anyone have an idea what might be going on, and how to fix it?
>
> There may  be a memory leak somewhere..
> Squid 2.6 is rather old, can you try upgrading to the last 2.7 STABLE
> release?
>
>
>Kinkie
>


RE: [squid-users] Performance problems with 2.6.STABLE18

2008-12-17 Thread Mark Kent
Thanks, Kinkie.

The version that I'm running contains a couple of minor modifications,
so as a first pass I'd rather get the 2.6 version working, rather than
go through a repatch.

I tried running under valgrind, and it found a couple of leaks, but I'm
not sure that those are strictly the problem. If it were a "traditional"
memory leak, where memory was just wandering off, I don't quite see why
the CPU would climb along with the memory usage.

Mark.



-Original Message-
From: Kinkie [mailto:gkin...@gmail.com] 
Sent: Wednesday, December 17, 2008 4:50 PM
To: Mark Kent
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Performance problems with 2.6.STABLE18

On Wed, Dec 17, 2008 at 4:24 PM, Mark Kent 
wrote:
>
>  Hi,
>
>  I'm currently having a performance issue with Squid 2.6.STABLE18 
> (running on RHEL4). As I run traffic through the proxy, the memory 
> grows steadily, and apparently without limit. This increase in memory 
> usage is coupled with a steadily growing CPU usage, up to a point at 
> which a single core is saturated (97% usage at ~400MB of RSS). At this
> point, the latency of requests increases. When the load is taken off
> the proxy, the CPU returns to minimal usage, but the memory usage
> sticks at the high water mark.
>
>  I should point out that I'm using squid for authentication only (HTTP
> digest), not for caching. Consequently, I have maximum_object_size and
> maximum_object_size_in_memory both set to 0 in the squid config file.
> My understanding is that this should be sufficient to stop squid from 
> caching.
>
>  There's plenty of spare physical RAM on the machine, so it seems 
> unlikely that it's a memory shortage causing the performance problem. 
> My interpretation is that something has gotten too large for Squid to 
> handle but, without object caching, it's not clear to me what that 
> might be. I would blame the authentication cache, but there's only 
> 2000 different users.
>
>  Does anyone have an idea what might be going on, and how to fix it?

There may  be a memory leak somewhere..
Squid 2.6 is rather old, can you try upgrading to the last 2.7 STABLE
release?


Kinkie



Re: [squid-users] Performance problems with 2.6.STABLE18

2008-12-17 Thread Kinkie
On Wed, Dec 17, 2008 at 4:24 PM, Mark Kent  wrote:
>
>  Hi,
>
>  I'm currently having a performance issue with Squid 2.6.STABLE18
> (running on RHEL4). As I run traffic through the proxy, the memory grows
> steadily, and apparently without limit. This increase in memory usage is
> coupled with a steadily growing CPU usage, up to a point at which a
> single core is saturated (97% usage at ~400MB of RSS). At this point,
> the latency of requests increases. When the load is taken off the proxy,
> the CPU returns to minimal usage, but the memory usage sticks at the
> high water mark.
>
>  I should point out that I'm using squid for authentication only (HTTP
> digest), not for caching. Consequently, I have maximum_object_size and
> maximum_object_size_in_memory both set to 0 in the squid config file. My
> understanding is that this should be sufficient to stop squid from
> caching.
>
>  There's plenty of spare physical RAM on the machine, so it seems
> unlikely that it's a memory shortage causing the performance problem. My
> interpretation is that something has gotten too large for Squid to
> handle but, without object caching, it's not clear to me what that might
> be. I would blame the authentication cache, but there's only 2000
> different users.
>
>  Does anyone have an idea what might be going on, and how to fix it?

There may  be a memory leak somewhere..
Squid 2.6 is rather old, can you try upgrading to the last 2.7 STABLE release?


Kinkie


Re: [squid-users] Squid reload --> assertion failed: store_client.cc:

2008-12-17 Thread Christos Tsantilas


Hi Thomas,

Thomas Meier wrote:

Hello

just compiled Squid 3.1, but the same error (assertion failed + 
tunnelReadServer )


About tunnelReadServer error, I think you can ignore it.


The first reload now after only  3 Minutes.

What kind of "trace" do you need ??


Is it possible to collect and post some debug information?

Enable debugging for the 33 and 90 debug sections:
  debug_options ALL,1 33,9 90,9

If it is too much for your server, just the following debug info may
help:

 debug_options ALL,1 33,3

As Amos said, posting a core dump stack trace will help. Please read the
related FAQ:

http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d

Post the collected info to squid bugzilla:
   http://www.squid-cache.org/bugs/show_bug.cgi?id=2155

We are not able to fix this type of bug without Squid users' help.

Regards,
Christos



Here the cache.log:
2008/12/17 09:55:22| tunnelReadServer: FD 154: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 188: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 270: read failure: (0) Error 0
2008/12/17 09:55:25| tunnelReadServer: FD 243: read failure: (0) Error 0
2008/12/17 09:55:26| tunnelReadServer: FD 253: read failure: (0) Error 0
2008/12/17 09:56:13| ctx: enter level  0: 
'http://213.203.200.72/chatin?SID=72525605&ID=17198778&OUT=/wer'
2008/12/17 09:56:13| HttpMsg.cc(175) parse: first line of HTTP message 
is invalid

2008/12/17 09:57:16| ctx: exit level  0
2008/12/17 09:57:16| assertion failed: store_client.cc:430: 
"STORE_DISK_CLIENT == getType()"
2008/12/17 09:57:19| Starting Squid Cache version 3.1.0.3 for 
sparc-sun-solaris2.9...
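Added example, not from the posters or the Squid project: a Python triage script for the kind of cache.log excerpt posted above. It re-joins records that the mail client wrapped and pairs each `assertion failed` record with the restart banner that follows it; the sample lines are copied from the excerpts on this page, and the function names are chosen for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Log excerpts copied from the posts on this page, wrapped as the mail client left them.
SAMPLE = """\
2008/12/17 09:55:26| tunnelReadServer: FD 253: read failure: (0) Error 0
2008/12/17 09:56:13| ctx: enter level  0:
'http://213.203.200.72/chatin?SID=72525605&ID=17198778&OUT=/wer'
2008/12/17 09:56:13| HttpMsg.cc(175) parse: first line of HTTP message
is invalid

2008/12/17 09:57:16| ctx: exit level  0
2008/12/17 09:57:16| assertion failed: store_client.cc:430:
"STORE_DISK_CLIENT == getType()"
2008/12/17 09:57:19| Starting Squid Cache version 3.1.0.3 for
sparc-sun-solaris2.9...
2008/12/17 10:08:01| tunnelReadServer: FD 261: read failure: (0) Error 0
2008/12/17 10:08:01| assertion failed: fqdncache.cc:642:
"!addr.IsAnyAddr() && !addr.IsNoAddr()"
2008/12/17 10:08:05| Starting Squid Cache version 3.1.0.3 for
sparc-sun-solaris2.9...
"""

RECORD = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|\s?(.*)$")
CTX_ENTER = re.compile(r"ctx: enter level\s+\d+:\s*'(?P<url>.*)'\s*$")
ASSERT = re.compile(r'assertion failed: (?P<file>[\w.]+):(?P<line>\d+):\s*"(?P<expr>.*)"\s*$')
START = re.compile(r"Starting Squid Cache version (?P<version>\S+) for")


def records(text):
    """Yield (timestamp, message) pairs; lines without a timestamp are
    treated as the wrapped tail of the previous record."""
    current = None
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            if current:
                yield tuple(current)
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            current = [ts, m.group(2).strip()]
        elif raw.strip() and current:
            current[1] = (current[1] + " " + raw.strip()).strip()
    if current:
        yield tuple(current)


def find_crashes(text):
    """Return one dict per assertion failure, with the restart banner that
    followed it (if any) and the most recent ctx URL logged before it."""
    crashes, last_ctx, pending = [], None, None
    for ts, msg in records(text):
        m = CTX_ENTER.search(msg)
        if m:
            last_ctx = m.group("url")
            continue
        m = ASSERT.search(msg)
        if m:
            pending = {
                "time": ts,
                "file": m.group("file"),
                "line": int(m.group("line")),
                "expr": m.group("expr"),
                "last_ctx": last_ctx,
                "restart_after_s": None,   # stays None if no banner follows
                "version": None,
            }
            crashes.append(pending)
            continue
        m = START.search(msg)
        if m:
            if pending is not None:
                pending["restart_after_s"] = (ts - pending["time"]).total_seconds()
                pending["version"] = m.group("version")
                pending = None
            last_ctx = None                # context belonged to the old process
    return crashes


def summarize(crashes):
    """Count crashes per assertion site, the key a bug report is filed under."""
    return Counter(f'{c["file"]}:{c["line"]}' for c in crashes)


if __name__ == "__main__":
    for c in find_crashes(SAMPLE):
        print(c["time"], c["file"], c["line"], c["expr"],
              "restart after", c["restart_after_s"], "s")
```
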






[squid-users] Zeros in cachemgr output

2008-12-17 Thread Jevos, Peter
Hi all

Is this ok with all these zeros in my output ?

Cache information for squid:
Request Hit Ratios: 5min: 0.0%, 60min: 0.0%
Byte Hit Ratios:5min: 87.9%, 60min: 42.4%
Request Memory Hit Ratios:  5min: 0.0%, 60min: 0.0%
Request Disk Hit Ratios:5min: 0.0%, 60min: 0.0%
Storage Swap size:  1843144 KB
Storage Mem size:   104 KB
Mean Object Size:   16.74 KB
Requests given to unlinkd:  42884
Median Service Times (seconds)  5 min60 min:
HTTP Requests (All):   1.00114  1.05672
Cache Misses:  1.00114  1.05672
Cache Hits:0.0  0.0
Near Hits: 0.0  0.0
Not-Modified Replies:  0.0  0.0
DNS Lookups:   0.0  0.00295
ICP Queries:   0.0  0.0

In my access log I can see many TCP_HIT values, and cache/log shows no
error message

Thanks 

Br

pet


RE: [squid-users] winbind directories permissions issue

2008-12-17 Thread vincent.blondel

>
>>> ...
>>> Amos
>>>
>>> I made some cut from our previous posts to avoid any confusion.
>>>

>>>> Sorry I haven't had much to do with winbind than we have already tried.
>>>> you are the first I've seen where these fixes have not worked.
>>>>
>>>> Can you get a full "ls -la" trace of the directory content and permissions
>>>> at a time where it's working, and one where it's not? Also a list of the
>>>> squid user name and the groups names it belongs to.
>>>
>>> $ egrep 'squid|winbin' /etc/passwd /etc/group
>>> /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
>>> /etc/group:squidg::1560:
>>> /etc/group:winbind:::squid
>>>
>>> Below what happened on one of my machine .. sbepskdd.
>>>
>>> some minutes before the bug occurred ..
>>>
>>> $ ls -nai /var/lib/samba
>>> total 121612
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>> 162448 -rw-r-   1 08192 Dec 15 04:14
>>> gencache.tdb
>>> 162450 -rw-r-   1 0 696 Nov 17 19:39
>>> idmap_cache.tdb
>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
>>> 162451 -rw-r-   1 08192 Dec 14 22:06
>>> messages.tdb
>>> 162454 -rw-r-   1 0 62144512 Dec 15 08:41
>>> netsamlogon_cache.tdb
>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14
>>> smb_krb5
>>> 162453 -rw---   1 00  57344 Nov 25 06:49
>>> winbindd_cache.tdb
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47
>>> winbindd_privileged
>>>
>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>> total 4
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47
pipe
>>>
>>> when SQUID is still running but the bug is happening ..
>>>
>>> $ ls -nai /var/lib/samba
>>> total 122140
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>> 162448 -rw-r-   1 08192 Dec 15 04:14
>>> gencache.tdb
>>> 162450 -rw-r-   1 0 696 Nov 17 19:39
>>> idmap_cache.tdb
>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
>>> 162451 -rw-r-   1 08192 Dec 14 22:06
>>> messages.tdb
>>> 162454 -rw-r-   1 0 62414848 Dec 15 10:04
>>> netsamlogon_cache.tdb
>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14
>>> smb_krb5
>>> 162453 -rw---   1 00  57344 Nov 25 06:49
>>> winbindd_cache.tdb
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47
>>> winbindd_privileged
>>>
>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>> total 4
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47
pipe
>>>
>>> just after restart of SQUID process ..
>>>
>>> $ ls -nai /var/lib/samba
>>> total 122140
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
>>> 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
>>> 162448 -rw-r-   1 08192 Dec 15 04:14
>>> gencache.tdb
>>> 162450 -rw-r-   1 0 696 Nov 17 19:39
>>> idmap_cache.tdb
>>> 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
>>> 162451 -rw-r-   1 08192 Dec 14 22:06
>>> messages.tdb
>>> 162454 -rw-r-   1 0 62414848 Dec 15 10:04
>>> netsamlogon_cache.tdb
>>>  54155 drwxr-x---   2 0 512 Dec 15 04:14
>>> smb_krb5
>>> 162453 -rw---   1 00  57344 Nov 25 06:49
>>> winbindd_cache.tdb
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47
>>> winbindd_privileged
>>>
>>> $ ls -nai /var/lib/samba/winbindd_privileged
>>> total 4
>>> 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
>>> 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
>>> 451223 srwxrwxrwx   1 00  0 Nov 25 06:47
pipe
>>>
>>> Now another notice, I made a change last Tuesday on another SQUID server
>>> and this seems working almost one week ..
>>>
>>> $ ls -nai /var/lib/samba
>>> total 78156
>>> 342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
>>>  66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
>>> 342930 -rw-r--r--   1 08192 Dec 15 04:22
>>> gencache.tdb
>>> 342932 -rw-r--r--   1 0 696 Nov 18 01:34
>>> idmap_cache.tdb
>>> 354946 drwxr-xr-x   4 0 512 Nov 18 01:34
locks
>>> 342933 -rw-r--r--   1

RE: RES: [squid-users] block https requests

2008-12-17 Thread Dean Weimer
The host is still known from the request header and is not encrypted in https;
only the data in the body of the request and reply is encrypted. If the headers
were encrypted, a proxy would never be able to direct the request to the origin
server.

Here is a direct copy from a raw TCP data capture of a login to my home web 
server.
CONNECT www.myhostinghome.net:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) 
Gecko/2008102920 Firefox/3.0.4
Proxy-Connection: keep-alive
Host: www.myhostinghome.net
HTTP/1.0 200 Connection established
...II-`.9..$Q6z...j...D ..q...
@.8b.7o"F.D.
...9.8...5.E.D.3.2.A./.
.
[...snip...]

This is the reason you won't find any forms on a decent secure site using the
GET method, as the data submitted will still be visible to anyone in the middle.

Thanks,
 Dean Weimer
 Network Administrator
 Orscheln Management Co

-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] 
Sent: Wednesday, December 17, 2008 11:02 AM
To: squid-users@squid-cache.org
Subject: Re: RES: [squid-users] block https requests

On 16.12.08 13:51, Ricardo Augusto de Souza wrote:
>  I AM used to block sites using:
> 
> 
> acl bad_sites dstdomain "/etc/squid/bad_sites.txt"
> 
> http_access deny bad_sites
> 
>   
> 
> With this my users cannot access all domains listed in
> "/etc/squid/bad_sites.txt" using http but they can access using https.

squid does not see what's in https requests, they are encrypted. That's what
the "s" means (secure): only client and server know what's inside, nobody
else.

you can disable CONNECT method to those hosts. You may need to disable
CONNECT to IP addresses.

Or you may do an MITM attack and use sslbump (which means, https won't be
secure anymore for your clients). Clients will detect it - they will see
certificate mismatch (since you won't be able to provide anyone's
certificate but yours)

> How do I solve this?

disable https?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have. 


RE: [squid-users] SSL EDI Site issues

2008-12-17 Thread Joseph L. Casale
>Add this before the line that requires auth:
>
>acl covisint dstdomain messaging.covisint.com
>http_access allow CONNECT localnet covisint
>
>Assuming that you have the localnet (local network ranges) and CONNECT 
>acls defined already.

Much appreciated Amos, this worked perfectly!
jlc


Re: RES: [squid-users] block https requests

2008-12-17 Thread Matus UHLAR - fantomas
On 16.12.08 13:51, Ricardo Augusto de Souza wrote:
>  I AM used to block sites using:
> 
> 
> acl bad_sites dstdomain "/etc/squid/bad_sites.txt"
> 
> http_access deny bad_sites
> 
>   
> 
> With this my users cannot access all domains listed in
> "/etc/squid/bad_sites.txt" using http but they can access using https.

squid does not see what's in https requests, they are encrypted. That's what
the "s" means (secure): only client and server know what's inside, nobody
else.

you can disable CONNECT method to those hosts. You may need to disable
CONNECT to IP addresses.

Or you may do an MITM attack and use sslbump (which means, https won't be
secure anymore for your clients). Clients will detect it - they will see
certificate mismatch (since you won't be able to provide anyone's
certificate but yours)

> How do I solve this?

disable https?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have. 
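Added example (not part of the posts above, and not Squid's own code): since the CONNECT target is visible to the proxy, an access.log in Squid's native format can be audited for tunnels that were allowed although the target is on the dstdomain list or is a bare IP address. The log lines, domains, addresses and function names are constructed for this example; matching follows Squid's dstdomain leading-dot rule.

```python
import ipaddress

# Constructed dstdomain entries, as a file like bad_sites.txt might hold them.
BLOCKED = [".bad.example", "ads.example.net"]

# Constructed access.log lines in Squid's native format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1229529601.120   1502 192.0.2.10 TCP_MISS/200 3456 CONNECT www.bad.example:443 - DIRECT/198.51.100.7 -
1229529602.480      0 192.0.2.11 TCP_DENIED/403 1420 CONNECT www.bad.example:443 - NONE/- text/html
1229529603.005    870 192.0.2.10 TCP_MISS/200 9120 CONNECT 203.0.113.25:443 - DIRECT/203.0.113.25 -
1229529604.310    412 192.0.2.12 TCP_MISS/200 5210 GET http://www.example.org/ - DIRECT/198.51.100.9 text/html
1229529605.777    950 192.0.2.12 TCP_MISS/200 2210 CONNECT shop.example.org:443 - DIRECT/198.51.100.9 -
1229529606.100    300 192.0.2.13 TCP_MISS/200 1800 CONNECT sub.ads.example.net:443 - DIRECT/198.51.100.12 -
1229529606.900    300 192.0.2.13 TCP_MISS/200 1800 CONNECT ads.example.net:443 - DIRECT/198.51.100.12 -
"""


def split_authority(authority):
    """Split the host:port target of a CONNECT request; IPv6 hosts are bracketed."""
    if authority.endswith("]"):            # bracketed IPv6 literal, no port
        host, port = authority, ""
    else:
        host, sep, port = authority.rpartition(":")
        if not sep:                        # no port present at all
            host, port = authority, ""
    return host.strip("[]").rstrip(".").lower(), port


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dstdomain_match(host, entry):
    """'.example.com' covers the domain and every subdomain;
    'example.com' covers that exact host name only."""
    entry = entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def audit_connect(log_text, blocked):
    """Return (client, target, reason) for each CONNECT tunnel that was not
    denied although its target is listed or is an IP literal."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, target = fields[2], fields[3], fields[6]
        if result.startswith("TCP_DENIED"):
            continue                       # the ACL already refused this tunnel
        host, _port = split_authority(target)
        if is_ip_literal(host):
            findings.append((client, target, "ip-literal"))
        elif any(dstdomain_match(host, e) for e in blocked):
            findings.append((client, target, "blocked-domain"))
    return findings


if __name__ == "__main__":
    for finding in audit_connect(SAMPLE_LOG, BLOCKED):
        print(*finding)
```

The `sub.ads.example.net` line is not reported because the list entry `ads.example.net` has no leading dot, which is the usual reason a subdomain slips past a dstdomain list.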


[squid-users] TR: [Bulk] Re: [squid-users] TR: [Bulk] Re: TR: certificate verification with sha256 and squid

2008-12-17 Thread Raphael
Hello again,

In case it helps, I manage to make the reverse proxy check and let access to
the web site with the reverse-proxy Pound (which does not cache anything). I
made another CA to test with sha256 and with 2048 bits certificates, and the
error is still the same with Squid.

Regards

Raphael

-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: Monday, December 15, 2008 13:23
To: Raphael; Squid Developers
Cc: squid-users@squid-cache.org
Subject: [Bulk] Re: [squid-users] TR: [Bulk] Re: TR: certificate verification
with sha256 and squid

NP: This is a developer question. Diverting the conversation to squid-dev
mailing list.

Raphael wrote:
> Hello,
> 
> I am looking for a solution to a certificate checking failure from Squid to
> filter access to a web server.
>
> Here is what I got from the Openssl mailing list.
>
> "Possibly it is calling SSL_library_init() which doesn't add a complete set of
> digests. OpenSSL_add_all_algorithms() should be called as well."
> 
> I looked into the Squid 3 RC11 and didn't find any occurrences of
> SSL_library_init. Would someone know how Openssl is called and loaded ?

The code should be in  src/ssl_support.*
function:  ssl_initialize(void)

The init code is pretty much:
   SSL_load_error_strings();
   SSLeay_add_ssl_algorithms();

and also in functions sslCreateServerContext and sslCreateClientContext

> 
> Thanks
> 
> Raphael
> 
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
> Sent: Friday, December 12, 2008 16:39
> To: openssl-us...@openssl.org
> Subject: [Bulk] Re: TR: certificate verification with sha256 and squid
> 
> On Fri, Dec 12, 2008, Raphael wrote:
> 
>> Hi all,
>>
>>  
>>
>> I am setting up a CA and a reverse proxy https with Squid filtering access
>> to the backend web site.
>>
>> I compiled from source Openssl 0.9.8i on the CA and Squid 2.7 (or 3)
>> servers. I manage to verify the sha256 protected certificate on both
>> computers using :
>>
>> openssl verify -CAFile /root/CA/cacert.pem -verbose /root/72571934AA.pem
>> /root/72571934AA.pem: OK
>>
>> However when Squid checks client certificate it gives an error in log files :
>>
>> SSL unknown certificate error 7 in /C=FR/O=/OU=Users/CN=72571934AA
>> clientNegotiateSSL: Error negotiating SSL connection on FD 11:error :
>> 0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown mesage digest
>> algorithm (1/-1)
>>
>> So I think Squid doesn't understand the sha256 message digest so it cannot
>> verify the certificate ?
>>
>>
> 
> Possibly it is calling SSL_library_init() which doesn't add a complete set of
> digests. OpenSSL_add_all_algorithms() should be called as well.
> 
> Steve.

Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1



[squid-users] Performance problems with 2.6.STABLE18

2008-12-17 Thread Mark Kent
 
 Hi,
 
 I'm currently having a performance issue with Squid 2.6.STABLE18
(running on RHEL4). As I run traffic through the proxy, the memory grows
steadily, and apparently without limit. This increase in memory usage is
coupled with a steadily growing CPU usage, up to a point at which a
single core is saturated (97% usage at ~400MB of RSS). At this point,
the latency of requests increases. When the load is taken off the proxy,
the CPU returns to minimal usage, but the memory usage sticks at the
high water mark.
 
 I should point out that I'm using squid for authentication only (HTTP
digest), not for caching. Consequently, I have maximum_object_size and
maximum_object_size_in_memory both set to 0 in the squid config file. My
understanding is that this should be sufficient to stop squid from
caching. 
 
 There's plenty of spare physical RAM on the machine, so it seems
unlikely that it's a memory shortage causing the performance problem. My
interpretation is that something has gotten too large for Squid to
handle but, without object caching, it's not clear to me what that might
be. I would blame the authentication cache, but there's only 2000
different users.
 
 Does anyone have an idea what might be going on, and how to fix it?
 
Manager info is as follows (taken once the load has been removed).
 
Connection information for squid:
Number of clients accessing cache:  4
Number of HTTP requests received:   1474327
Number of ICP messages received:0
Number of ICP messages sent:0
Number of queued ICP replies:   0
Request failure ratio:   0.00
Average HTTP requests per minute since start:   1864.2
Average ICP messages per minute since start:0.0
Select loop called: 5783693 times, 8.204 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 0.0%, 60min: 0.0%
Byte Hit Ratios:5min: -0.0%, 60min: 100.0%
Request Memory Hit Ratios:  5min: 0.0%, 60min: 0.0%
Request Disk Hit Ratios:5min: 0.0%, 60min: 0.0%
Storage Swap size:  0 KB
Storage Mem size:   104 KB
Mean Object Size:   0.00 KB
Requests given to unlinkd:  0
Median Service Times (seconds)  5 min60 min:
HTTP Requests (All):   0.0  0.0
Cache Misses:  0.0  0.0
Cache Hits:0.0  0.0
Near Hits: 0.0  0.0
Not-Modified Replies:  0.0  0.0
DNS Lookups:   0.0  0.0
ICP Queries:   0.0  0.0
Resource usage for squid:
UP Time:47450.907 seconds
CPU Time:   1377.027 seconds
CPU Usage:  2.90%
CPU Usage, 5 minute avg:0.00%
CPU Usage, 60 minute avg:   0.00%
Process Data Segment Size via sbrk(): 601396 KB
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
Total space in arena:  601396 KB
Ordinary blocks:   591340 KB 238750 blks
Small blocks:   0 KB  0 blks
Holding blocks:255248 KB  5 blks
Free Small blocks:  0 KB
Free Ordinary blocks:   10055 KB
Total in use:  846588 KB 99%
Total free: 10055 KB 1%
Total size:856644 KB
Memory accounted for:
Total accounted:98342 KB
memPoolAlloc calls: 275801669
memPoolFree calls: 274326428
File descriptor usage for squid:
Maximum number of file descriptors:   1048576
Largest file desc currently in use:133
Number of file desc currently in use:  133
Files queued for open:   0
Available number of file descriptors: 1048443
Reserved number of file descriptors:   100
Store Disk files open:   0
IO loop method: epoll
Internal Data Structures:
26 StoreEntries
26 StoreEntries with MemObjects
25 Hot Object Cache Items
 0 on-disk objects
squid-

Mark Kent
Principal Software Engineer
Symantec Corporation 
www.symantec.com  
-
Office: (647) 259-4024
Fax: (647) 259-4018
mark_k...@symantec.com  
-




[squid-users] Strange crash squid3 STABLE8 + ntlm_auth

2008-12-17 Thread gbillios
Hello,

I have searched the archives and web but couldn't find anything about
the following error I get in the cache.log after which squid restarts:

 ctx: exit level  0
 assertion failed: helper.cc:1160: "srv->deferred_requests == 0"


Does someone know anything about this?

I'm using squid3 STABLE8 from debian lenny  (3.0.STABLE8-1) .

Thank you


Re: [squid-users] More access.log questions

2008-12-17 Thread Wilson Hernandez - MSD, S. A.

Amos.

Thanks for replying. After reviewing this access.log file section, is
squid working correctly or are there any adjustments I need to make to
make it run more smoothly?




Amos Jeffries wrote:

w...@msdrd.com wrote:

Hello.

Guys, sorry to post so many questions regarding access.log but, I'm
trying to understand what is squid actually doing and if is working
correctly. I don't understand what all the stuff in the access.log file
are. I check the log everyday. I see something different every time I
check. Below is the latest on access.log and I don't understand why the
cache now is "DIRTY", what is assertion failed, 1 swapin MD5 mismatches,
WARNING: newer swaplog entry for dirno 0, fileno 013B, and all those
weird characters at the end of the log:
008.LMP%C2%BB%C2%A6%C2%AB_A.zip?Cache'
Ì«* 2008 14:02:37 GMT}ARNING: suspicious CR characters in HTTP header
{Date: Tue, 16 ð@

Please help me understand what's going on. 


Well for starters. The access.log does not contain that kind of info. 
That stuff should be in the cache.log with the rest of the debug and 
administration information.


The FAQ has a good detailed explanation of what the logs do and contain...
http://wiki.squid-cache.org/SquidFaq/SquidLogs



Thanks in advance.



2008/12/15 19:26:19| WARNING: 1 swapin MD5 mismatches


Some data received does not match a validity check that it should.
Probably corrupted data in the disk cache attempting to load.



2008/12/15 21:16:13| WARNING: HTTP header contains NULL characters


A client sent Squid an invalid HTTP request. It's being dropped.


{Host: digdug.divxnetworks.com
responseType: text/xml
User-Agent: DivX Player 2.0
Cookie:
GUID=}
2008/12/15 21:41:20| WARNING: 10 swapin MD5 mismatches


A total of 10 objects have now been found to be corrupt.


2008/12/15 22:06:28| assertion failed: client_side.cc:2479:
"conn->in.abortedSize == (size_t)conn->bodySizeLeft()"


Squid crashing with received data causing memory or state corruption 
somewhere.



2008/12/15 22:06:31| Extension method 'NICK' added, enum=27
2008/12/15 22:06:31| Starting Squid Cache version 3.0.PRE5 for
i486-pc-linux-gnu...
2008/12/15 22:06:31| Process ID 5075
2008/12/15 22:06:31| With 1024 file descriptors available
2008/12/15 22:06:31| DNS Socket created at 0.0.0.0, port 38826, FD 8
2008/12/15 22:06:31| Adding nameserver 200.42.213.11 from squid.conf
2008/12/15 22:06:31| Adding nameserver 200.42.213.21 from squid.conf
2008/12/15 22:06:31| Unlinkd pipe opened on FD 13
2008/12/15 22:06:31| Swap maxSize 10240 KB, estimated 7876923
objects
2008/12/15 22:06:31| Target number of buckets: 393846
2008/12/15 22:06:31| Using 524288 Store buckets
2008/12/15 22:06:31| Max Mem  size: 102400 KB
2008/12/15 22:06:31| Max Swap size: 10240 KB
2008/12/15 22:06:31| Rebuilding storage in /var/log/squid/cache (DIRTY)


Squid crashed earlier before completing its slow cache validation check.
That caused the swap.state journal to be out of sync with the cache, 
corrupt or missing. Turning to paranoid and re-building indexes from a 
full raw object scan.



2008/12/15 22:06:31| Using Least Load store dir selection
2008/12/15 22:06:31| Current Directory is /
2008/12/15 22:06:31| Loaded Icons.
2008/12/15 22:06:31| Accepting transparently proxied HTTP connections at
192.168.2.1, port 3128, FD 15.
2008/12/15 22:06:31| HTCP Disabled.
2008/12/15 22:06:31| WCCP Disabled.
2008/12/15 22:06:31| Ready to serve requests.
2008/12/15 22:06:32| Store rebuilding is  1.5% complete
2008/12/15 22:06:47| Store rebuilding is 30.2% complete
2008/12/15 22:06:50| WARNING: newer swaplog entry for dirno 0, fileno
0062
2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
0132
2008/12/15 22:06:55| WARNING: newer swaplog entry for dirno 0, fileno
0135


3 files have been found to differ between the journal and what's actually
in cache.



2008/12/15 22:07:02| Store rebuilding is 74.0% complete
2008/12/15 22:07:13| Done reading /var/log/squid/cache swaplog (271062
entries)
2008/12/15 22:07:13| Finished rebuilding storage from disk.
2008/12/15 22:07:13|268975 Entries scanned
2008/12/15 22:07:13| 0 Invalid entries.
2008/12/15 22:07:13| 0 With invalid flags.
2008/12/15 22:07:13|268719 Objects loaded.
2008/12/15 22:07:13| 0 Objects expired.
2008/12/15 22:07:13|   185 Objects cancelled.
2008/12/15 22:07:13|  1788 Duplicate URLs purged.
2008/12/15 22:07:13|26 Swapfile clashes avoided.
2008/12/15 22:07:13|   Took 41.2 seconds (6517.7 objects/sec).
2008/12/15 22:07:13| Beginning Validation Procedure
2008/12/15 22:07:13|   262144 Entries Validated so far.
2008/12/15 22:07:13| storeLateRelease: released 2 objects
2008/12/15 22:07:14|   524288 Entries Validated so far.
2008/12/15 22:07:14|   Completed Validation Procedure
2008/12/15 22:07:14|   Validated 533992 Entries
2008/12/15 22:07:14|   store_swap_size = 15636412
2008/12/15 22:14:36| WARNING:

Re: [squid-users] Squid reload --> assertion failed: store_client.cc:

2008-12-17 Thread thematice
en i can ss


2008-12-17 



thematice 



From: Thomas Meier
Sent: 2008-12-17  19:09:20
To: squid-users
Cc:
Subject: [squid-users] Squid reload --> assertion failed: store_client.cc:
 
Hello
just compiled Squid 3.1, but the same error (assertion failed + 
tunnelReadServer )
The first reload now after only  3 Minutes.
What kind of "trace" do you need ??
Here the cache.log:
2008/12/17 09:55:22| tunnelReadServer: FD 154: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 188: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 270: read failure: (0) Error 0
2008/12/17 09:55:25| tunnelReadServer: FD 243: read failure: (0) Error 0
2008/12/17 09:55:26| tunnelReadServer: FD 253: read failure: (0) Error 0
2008/12/17 09:56:13| ctx: enter level  0: 
'http://213.203.200.72/chatin?SID=72525605&ID=17198778&OUT=/wer'
2008/12/17 09:56:13| HttpMsg.cc(175) parse: first line of HTTP message 
is invalid
2008/12/17 09:57:16| ctx: exit level  0
2008/12/17 09:57:16| assertion failed: store_client.cc:430: 
"STORE_DISK_CLIENT == getType()"
2008/12/17 09:57:19| Starting Squid Cache version 3.1.0.3 for 
sparc-sun-solaris2.9...
And now with Squid3.1 a new ERROR:
2008/12/17 10:07:24| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:08:01| tunnelReadServer: FD 261: read failure: (0) Error 0
2008/12/17 10:08:01| assertion failed: fqdncache.cc:642: 
"!addr.IsAnyAddr() && !addr.IsNoAddr()"
2008/12/17 10:08:05| Starting Squid Cache version 3.1.0.3 for 
sparc-sun-solaris2.9...
The "tunnelReadServer" Error overall shows an interval ~ 3-4 Minutes..
2008/12/17 10:01:08| tunnelReadServer: FD 28: read failure: (0) Error 0
2008/12/17 10:01:08| tunnelReadServer: FD 387: read failure: (0) Error 0
2008/12/17 10:01:12| tunnelReadServer: FD 144: read failure: (0) Error 0
2008/12/17 10:01:12| tunnelReadServer: FD 175: read failure: (0) Error 0
2008/12/17 10:01:13| tunnelReadServer: FD 91: read failure: (0) Error 0
2008/12/17 10:01:13| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 435: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 387: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 146: read failure: (0) Error 0
2008/12/17 10:01:15| tunnelReadServer: FD 47: read failure: (0) Error 0
2008/12/17 10:01:16| tunnelReadServer: FD 314: read failure: (0) Error 0
2008/12/17 10:01:21| tunnelReadServer: FD 303: read failure: (0) Error 0
2008/12/17 10:01:22| tunnelReadServer: FD 35: read failure: (0) Error 0
2008/12/17 10:01:23| tunnelReadServer: FD 163: read failure: (0) Error 0
2008/12/17 10:01:23| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:24| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:24| tunnelReadServer: FD 114: read failure: (0) Error 0
2008/12/17 10:01:25| tunnelReadServer: FD 259: read failure: (0) Error 0
2008/12/17 10:01:26| tunnelReadServer: FD 406: read failure: (0) Error 0
2008/12/17 10:01:27| tunnelReadServer: FD 324: read failure: (0) Error 0
2008/12/17 10:01:28| tunnelReadServer: FD 144: read failure: (0) Error 0
2008/12/17 10:04:01| tunnelReadServer: FD 330: read failure: (0) Error 0
2008/12/17 10:04:03| tunnelReadServer: FD 326: read failure: (0) Error 0
2008/12/17 10:04:05| tunnelReadServer: FD 64: read failure: (0) Error 0
2008/12/17 10:04:06| tunnelReadServer: FD 64: read failure: (0) Error 0
2008/12/17 10:04:06| tunnelReadServer: FD 190: read failure: (0) Error 0
2008/12/17 10:04:14| tunnelReadServer: FD 247: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 221: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 322: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 98: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 13: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 55: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 190: read failure: (0) Error 0
2008/12/17 10:04:17| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:04:18| tunnelReadServer: FD 384: read failure: (0) Error 0
2008/12/17 10:04:18| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:04:19| tunnelReadServer: FD 247: read failure: (0) Error 0
2008/12/17 10:04:19| tunnelReadServer: FD 264: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 413: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 79: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 221: read failure: (0) Error 0
2008/12/17 10:04:27| tunnelReadServer: FD 298: read failure: (0) Error 0
2008/12/17 10:04:28| tunnelReadServer: FD 350: read failure: (0) Error 0
2008/12/17 10:04:30| tunnelReadServer: FD 117: read failure: (0) Error 0
2008/12/17 10:04:31| tunnelReadServer: FD 257: read failure: (0) Error 0
Amos Jeffries wrote:
> Thomas Meier wrote:
>> Hello,
>>
>> another Problem...
>>
>> after ~ 30 - 60 Min. Squid

[squid-users] SquidNT 2.6 Stable 16 - Uploading Files Problem

2008-12-17 Thread web
Hi,
 *REPOST* Can anyone help me with this please?  Is there something in my
squid.conf file that I need to change or is it a mime.conf problem? Sorry I
don't have much of an idea of what to look for.  To recap, some people are
having trouble uploading files using web based email or other websites that
allow for files to be uploaded.

I have quite a few of these lines:
2008/12/04 12:10:02| httpReadReply: Request not yet fully sent "POST 
http://xxx.xxx.xxx.xxx/xxxmoodle/files/index.php"
Where xxx has been removed.
I also have the following lines, but I don't think it's associated with that
error:
Warning: All url_rewriter processes are busy.
Warning: Up to 8 pending requests queued.
and
Consider increases the number of url-rewriter processes to atleast 16 in your 
config file.
Thanks,
Adam 


[squid-users] Squid reload --> assertion failed: store_client.cc:

2008-12-17 Thread Thomas Meier

Hello

I just compiled Squid 3.1, but I get the same error (assertion failed + tunnelReadServer).


The first reload now happens after only 3 minutes.

What kind of "trace" do you need?

Here the cache.log:
2008/12/17 09:55:22| tunnelReadServer: FD 154: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 188: read failure: (0) Error 0
2008/12/17 09:55:23| tunnelReadServer: FD 270: read failure: (0) Error 0
2008/12/17 09:55:25| tunnelReadServer: FD 243: read failure: (0) Error 0
2008/12/17 09:55:26| tunnelReadServer: FD 253: read failure: (0) Error 0
2008/12/17 09:56:13| ctx: enter level  0: 'http://213.203.200.72/chatin?SID=72525605&ID=17198778&OUT=/wer'
2008/12/17 09:56:13| HttpMsg.cc(175) parse: first line of HTTP message is invalid

2008/12/17 09:57:16| ctx: exit level  0
2008/12/17 09:57:16| assertion failed: store_client.cc:430: "STORE_DISK_CLIENT == getType()"
2008/12/17 09:57:19| Starting Squid Cache version 3.1.0.3 for sparc-sun-solaris2.9...


And now with Squid 3.1 a new ERROR:

2008/12/17 10:07:24| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:08:01| tunnelReadServer: FD 261: read failure: (0) Error 0
2008/12/17 10:08:01| assertion failed: fqdncache.cc:642: "!addr.IsAnyAddr() && !addr.IsNoAddr()"
2008/12/17 10:08:05| Starting Squid Cache version 3.1.0.3 for sparc-sun-solaris2.9...



The "tunnelReadServer" error overall shows an interval of ~ 3-4 minutes.

2008/12/17 10:01:08| tunnelReadServer: FD 28: read failure: (0) Error 0
2008/12/17 10:01:08| tunnelReadServer: FD 387: read failure: (0) Error 0
2008/12/17 10:01:12| tunnelReadServer: FD 144: read failure: (0) Error 0
2008/12/17 10:01:12| tunnelReadServer: FD 175: read failure: (0) Error 0
2008/12/17 10:01:13| tunnelReadServer: FD 91: read failure: (0) Error 0
2008/12/17 10:01:13| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 435: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 387: read failure: (0) Error 0
2008/12/17 10:01:14| tunnelReadServer: FD 146: read failure: (0) Error 0
2008/12/17 10:01:15| tunnelReadServer: FD 47: read failure: (0) Error 0
2008/12/17 10:01:16| tunnelReadServer: FD 314: read failure: (0) Error 0
2008/12/17 10:01:21| tunnelReadServer: FD 303: read failure: (0) Error 0
2008/12/17 10:01:22| tunnelReadServer: FD 35: read failure: (0) Error 0
2008/12/17 10:01:23| tunnelReadServer: FD 163: read failure: (0) Error 0
2008/12/17 10:01:23| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:24| tunnelReadServer: FD 44: read failure: (0) Error 0
2008/12/17 10:01:24| tunnelReadServer: FD 114: read failure: (0) Error 0
2008/12/17 10:01:25| tunnelReadServer: FD 259: read failure: (0) Error 0
2008/12/17 10:01:26| tunnelReadServer: FD 406: read failure: (0) Error 0
2008/12/17 10:01:27| tunnelReadServer: FD 324: read failure: (0) Error 0
2008/12/17 10:01:28| tunnelReadServer: FD 144: read failure: (0) Error 0
2008/12/17 10:04:01| tunnelReadServer: FD 330: read failure: (0) Error 0
2008/12/17 10:04:03| tunnelReadServer: FD 326: read failure: (0) Error 0
2008/12/17 10:04:05| tunnelReadServer: FD 64: read failure: (0) Error 0
2008/12/17 10:04:06| tunnelReadServer: FD 64: read failure: (0) Error 0
2008/12/17 10:04:06| tunnelReadServer: FD 190: read failure: (0) Error 0
2008/12/17 10:04:14| tunnelReadServer: FD 247: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 221: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 322: read failure: (0) Error 0
2008/12/17 10:04:15| tunnelReadServer: FD 98: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 13: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 55: read failure: (0) Error 0
2008/12/17 10:04:16| tunnelReadServer: FD 190: read failure: (0) Error 0
2008/12/17 10:04:17| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:04:18| tunnelReadServer: FD 384: read failure: (0) Error 0
2008/12/17 10:04:18| tunnelReadServer: FD 255: read failure: (0) Error 0
2008/12/17 10:04:19| tunnelReadServer: FD 247: read failure: (0) Error 0
2008/12/17 10:04:19| tunnelReadServer: FD 264: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 413: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 79: read failure: (0) Error 0
2008/12/17 10:04:25| tunnelReadServer: FD 221: read failure: (0) Error 0
2008/12/17 10:04:27| tunnelReadServer: FD 298: read failure: (0) Error 0
2008/12/17 10:04:28| tunnelReadServer: FD 350: read failure: (0) Error 0
2008/12/17 10:04:30| tunnelReadServer: FD 117: read failure: (0) Error 0
2008/12/17 10:04:31| tunnelReadServer: FD 257: read failure: (0) Error 0



Amos Jeffries wrote:

Thomas Meier wrote:

Hello,

another Problem...

after ~ 30 - 60 Min. Squid3.0 S4  writes this in the cache.log

.
.
2008/12/16 14:17:07| tunnelReadServer: FD 284: read failure: (0) Error 0
2008/12/16 14:17:08| tunnelReadServer: FD 280: read failure: (0) Error 0
2008/12/16 14:17:

[squid-users] squid group authentication and dansguardian

2008-12-17 Thread Kevin Kimani
Hi guys,

I have a system running squid that authenticates users from the
Active Directory. Squid is version 2.6 STABLE6 running on CentOS 5.1.
It authenticates users according to the various groups that have been
defined in the Active Directory. If I run squid directly, it
authenticates users according to their groups, but when Dansguardian
is put in front to act as a guard, the group authentication fails
miserably. If I just authenticate everyone from the AD, it works well,
except that it doesn't log the usernames but the IP addresses of the users.
#MY CHANGES---
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
##END HERE

external_acl_type wbinfo_group_helper %LOGIN /usr/lib/squid/wbinfo_group.pl

##MY CHANGES---
acl my_network src 10.1.0.0/20
acl ntlm_users proxy_auth REQUIRED
acl usergroup1 external wbinfo_group_helper internetusers
acl group1 external wbinfo_group_helper directorsinternet seniormanagers itinternet auditandsystem
acl group2 external wbinfo_group_helper hrinternet financeinternet citinternet guardinginternet securitysystems salesandmarketing transportinternet
acl user1_ports port 21 25 80 110 443 1
acl user2_ports port 21 25 80 110 443
acl user3 port 80 443
http_access allow usergroup1
http_access allow my_network
http_access allow localhost
http_access allow ntlm_users
#http_access deny manager
http_access allow group1 user1_ports
http_access allow group2 user2_ports
# And finally deny all other access to this proxy
http_access allow SSL_ports
http_access deny !Safe_ports
http_access deny all
##-

for Dansguardian

filterip = 10.1.0.81

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 10.1.0.81

# the port DansGuardian connects to proxy on
proxyport = 3128

# Auth plugins
# These replace the usernameidmethod* options in previous versions. They
# handle the extraction of client usernames from various sources, such as
# Proxy-Authorisation headers and ident servers, enabling requests to be
# handled according to the settings of the user's filter group.
# Multiple plugins can be specified, and will be queried in order until one
# of them either finds a username or throws an error. For example, if Squid
# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic'
# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support
# NTLM can fall back to Basic without sacrificing access rights.
#
# If you do not use multiple filter groups, you need not specify this option.
#
#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf'
#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf'
authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf'
#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf'
#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf'

These are my ACLs. They work in my small testing environment, but when
I try to implement them in the client's environment, they just refuse
to work. Could someone please help?
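
Squid checks http_access lines from top to bottom, and the first line whose ACLs all match decides the request. The sketch below is an added example, not part of the original post: it replays the posted http_access lines under that rule. The set of ACL names that hold for a request is a constructed input (assumption), and `all` is assumed to be the always-true ACL from the default squid.conf.

```python
# Added example: replay Squid's first-match http_access evaluation over the
# rules posted above. Which ACLs hold for a request is supplied by the caller
# (constructed input); no real Squid or auth helper is queried.
RULES = """\
http_access allow usergroup1
http_access allow my_network
http_access allow localhost
http_access allow ntlm_users
#http_access deny manager
http_access allow group1 user1_ports
http_access allow group2 user2_ports
http_access allow SSL_ports
http_access deny !Safe_ports
http_access deny all
"""

def parse(text):
    """Return [(action, [(negated, acl_name), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((parts[1], [(p.startswith("!"), p.lstrip("!")) for p in parts[2:]]))
    return rules

def decide(rules, matching):
    """First line whose ACLs all hold wins; returns (action, 1-based rule index)."""
    matching = set(matching) | {"all"}  # assumption: 'all' matches every request
    for index, (action, acls) in enumerate(rules, start=1):
        if all((name in matching) != negated for negated, name in acls):
            return action, index
    if not rules:
        return "deny", None  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def never_reached(rules, always_true):
    """Rule indexes that cannot decide any request for which `always_true` holds."""
    known = set(always_true) | {"all"}
    for index, (_, acls) in enumerate(rules, start=1):
        if all(not negated and name in known for negated, name in acls):
            return list(range(index + 1, len(rules) + 1))
    return []

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed request: authenticated group2 member on the LAN, any port.
    print(decide(rules, {"my_network", "ntlm_users", "group2"}))
    print(never_reached(rules, {"my_network"}))
```

For any request whose source address falls inside my_network, the second active line decides, so the group and port lines below it are never consulted.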