[squid-users] Memory usage TIP !!!
I'm using AS4.0, kernel 2.6.16.20, and my uptime is 11 days... I've noticed that the memory usage only increases and never gets freed.

Googling, I found this:

Writing to this will cause the kernel to drop clean caches, dentries and inodes from memory, causing that memory to become free.

To free pagecache:
* echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:
* echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:
* echo 3 > /proc/sys/vm/drop_caches

As this is a non-destructive operation and dirty objects are not freeable, the user should run "sync" first.

My system with 5 days uptime had 50MB free; doing a sync and then echo 3 > /proc/sys/vm/drop_caches frees all the memory, making 1683452k free memory =D

It frees all the cached memory shown in "top".

--
[]'s
Luiz Henrique Ozaki

Re: [squid-users] External ACL allowing denied sites
Oh... just found out what it was...

I added some syslog into the helper and the problem is in the helper, not in squid... =D

Soon I'm gonna publish this external_acl based on DNS on sf.net =]

On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote:
Well, it just worked a few minutes and then started allowing denied sites...

On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote:
> squid -k rotate didn't work...
>
> service squid restart, now the external acl is working.
>
> Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ??
>
>
> On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> >
> > > This site should be denied... What it should be ??
> > > It was working but now started allowing denied sites... uptime is 5
> > > days, I think restarting the server or squid should resolve the
> > > problem... But I'd like to know what it would be causing this issue.
> >
> > My guess is some bug in the helper making it start return wrong
> > information to Squid after some time. I would suggest you add some tracing
> > to the helper to determine more exactly what it's doing and why it returns
> > OK...
> >
> > Note: A "squid -k rotate" will restart the helper, but any cached results
> > will still be used by Squid subject to your ttl settings in
> > external_acl_type.
> >
> > Regards
> > Henrik
> >
>
>
> --
> []'s
> Luiz Henrique Ozaki
>

--
[]'s
Luiz Henrique Ozaki

--
[]'s
Luiz Henrique Ozaki

Re: [squid-users] External ACL allowing denied sites
Well, it just worked a few minutes and then started allowing denied sites...

On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote:
squid -k rotate didn't work...

service squid restart, now the external acl is working.

Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ??

On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
>
> > This site should be denied... What it should be ??
> > It was working but now started allowing denied sites... uptime is 5
> > days, I think restarting the server or squid should resolve the
> > problem... But I'd like to know what it would be causing this issue.
>
> My guess is some bug in the helper making it start return wrong
> information to Squid after some time. I would suggest you add some tracing
> to the helper to determine more exactly what it's doing and why it returns
> OK...
>
> Note: A "squid -k rotate" will restart the helper, but any cached results
> will still be used by Squid subject to your ttl settings in
> external_acl_type.
>
> Regards
> Henrik
>

--
[]'s
Luiz Henrique Ozaki

--
[]'s
Luiz Henrique Ozaki

Re: [squid-users] External ACL allowing denied sites
squid -k rotate didn't work...

service squid restart, now the external acl is working.

Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ??

On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> This site should be denied... What it should be ??
> It was working but now started allowing denied sites... uptime is 5
> days, I think restarting the server or squid should resolve the
> problem... But I'd like to know what it would be causing this issue.

My guess is some bug in the helper making it start return wrong
information to Squid after some time. I would suggest you add some tracing
to the helper to determine more exactly what it's doing and why it returns
OK...

Note: A "squid -k rotate" will restart the helper, but any cached results
will still be used by Squid subject to your ttl settings in
external_acl_type.

Regards
Henrik

--
[]'s
Luiz Henrique Ozaki

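Added example (not part of the thread, and not the poster's dnsbl_redir): one way to put the tracing suggested above into an external_acl_type helper, logging every request and the reason for each OK/ERR to syslog and answering ERR when the lookup itself fails. The zone name dnsbl.example, the hostname-prefixed query scheme and the function names are assumptions made for illustration.

```python
# Squid external_acl_type helper with per-request tracing (added example).
# Input format is the one used in the thread: %DST %SRC %IDENT %METHOD.
import socket
import sys
import syslog

DNSBL_ZONE = "dnsbl.example"  # placeholder zone, not from the thread


def dns_listed(name):
    """True if name resolves (listed), False on NXDOMAIN; other errors raise."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return False
        raise


def decide(line, lookup=dns_listed, trace=None):
    """Return 'OK' (not listed) or 'ERR' (listed, malformed, lookup failure)."""
    trace = trace or (lambda msg: syslog.syslog(syslog.LOG_INFO, msg))
    fields = line.split()
    if len(fields) != 4:
        trace("malformed request %r -> ERR" % line)
        return "ERR"
    dst, src, ident, method = fields
    try:
        listed = lookup("%s.%s" % (dst.rstrip("."), DNSBL_ZONE))
    except Exception as exc:  # fail closed, and record why
        trace("lookup failure dst=%s src=%s error=%r -> ERR" % (dst, src, exc))
        return "ERR"
    answer = "ERR" if listed else "OK"
    trace("dst=%s src=%s ident=%s method=%s listed=%s -> %s"
          % (dst, src, ident, method, listed, answer))
    return answer


def main():
    syslog.openlog("dnsbl_acl_example", syslog.LOG_PID, syslog.LOG_DAEMON)
    for line in sys.stdin:  # Squid sends one request per line
        sys.stdout.write(decide(line.strip()) + "\n")
        sys.stdout.flush()  # Squid waits on each reply, so never buffer


if __name__ == "__main__":
    main()
```

Comparing these syslog entries with the externalAclHandleReply lines in cache.log shows whether a wrong OK was produced by the helper or served from Squid's external ACL cache.
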
[squid-users] External ACL allowing denied sites
Hi,

I'm using a home-made modification of dnsbl_redir for external_acl_type instead of redirector.

In squid.conf:

external_acl_type dnsbl ttl=60 children=4 %DST %SRC %IDENT %METHOD /usr/local/bin/dnsbl_redir
acl policy external dnsbl
http_access allow rede10 policy

Here goes the cache.log:

2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| external_acl_cache_lookup: 'www.brookeburn.com 10.9.0.10 - GET' = expired
2006/07/05 07:04:05| aclMatchExternal: dnsbl("www.brookeburn.com 10.9.0.10 - GET") = lookup needed
2006/07/05 07:04:05| aclMatchAclList: no match, returning 0
2006/07/05 07:04:05| externalAclLookup: lookup in 'dnsbl' for 'www.brookeburn.com 10.9.0.10 - GET'
2006/07/05 07:04:05| cbdataLock: 0x1b815ee8
2006/07/05 07:04:05| cbdataLock: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x17ebe158
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| comm_write: FD 9: sz 35: hndl (nil): data (nil).
2006/07/05 07:04:05| commSetSelect: FD 9 type
2006/07/05 07:04:05| helperDispatch: Request sent to dnsbl #1, 35 bytes
2006/07/05 07:04:05| helperSubmit: www.brookeburn.com 10.9.0.10 - GET
2006/07/05 07:04:05| external_acl_cache_add: Adding 'www.brookeburn.com 10.9.0.10 - GET' = -1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0xae278e8
2006/07/05 07:04:05| comm_close: FD 36
2006/07/05 07:04:05| cbdataFree: 0x842e918
2006/07/05 07:04:05| cbdataFree: 0x842e918 has 2 locks, not freeing
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| fd_close FD 36 ident
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| cbdataUnlock: Freeing 0x842e918
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for writing
2006/07/05 07:04:05| commHandleWrite: FD 9: off 0, sz 35.
2006/07/05 07:04:05| commHandleWrite: write() returns 35
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for reading
2006/07/05 07:04:05| cbdataValid: 0x823aa18
2006/07/05 07:04:05| helperHandleRead: 3 bytes from dnsbl #1.
2006/07/05 07:04:05| commSetSelect: FD 9 type 1
2006/07/05 07:04:05| helperHandleRead: end of reply found
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| externalAclHandleReply: reply="OK"
2006/07/05 07:04:05| cbdataValid: 0x1b815ee8
2006/07/05 07:04:05| external_acl_cache_add: Adding 'www.brookeburn.com 10.9.0.10 - GET' = 1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0x1b815ee8
2006/07/05 07:04:05| cbdataValid: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x103951a0
2006/07/05 07:04:05| cbdataValid: 0x821fde0
2006/07/05 07:04:05| aclCheck: checking 'http_access allow rede10 policy'
2006/07/05 07:04:05| aclMatchAclList: checking rede10
2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| cbdataValid: 0x103951a0
2006/07/05 07:04:05| cbdataUnlock: 0x103951a0
2006/07/05 07:04:05| aclMatchExternal: dnsbl = 1
2006/07/05 07:04:05| aclMatchAclList: returning 1
2006/07/05 07:04:05| aclCheck: match found, returning 1
2006/07/05 07:04:05| cbdataUnlock: 0x821fde0
2006/07/05 07:04:05| aclCheckCallback: answer=1
2006/07/05 07:04:05| cbdataValid: 0xcd0c160
2006/07/05 07:04:05| The request GET http://www.brookeburn.com/ is ALLOWED, because it matched 'policy'

Resuming, externalAclHandleReply: reply="OK".

But when I do:

echo "www.brookeburn.com 10.9.0.10 - GET" | /usr/local/bin/dnsbl_redir
ERR

This site should be denied... What it should be ??

It was working but now started allowing denied sites... uptime is 5 days, I think restarting the server or squid should resolve the problem... But I'd like to know what it would be causing this issue.

Regards,

--
[]'s
Luiz Henrique Ozaki

Re: [squid-users] DNSBL Redirector
I've got it...

external_acl_type dnsbl children=10 %DST %SRC %IDENT %METHOD /usr/local/bin/dnsbl_redir2
acl policy external dnsbl
http_access allow rede10 policy
http_access allow rede200-1 policy
http_access allow rede200-2 policy

I don't want to use url_regex regarding performance issues. I'm using a DNS Black-List that is much faster.

Thanks

On 6/12/06, "Luís Fernando C. Talora" <[EMAIL PROTECTED]> wrote:
Instead of using redirectors, I use "deny_info" on squid.conf (much easier), as follows:

-
# Declaration of the ACL for Pornography
acl porn url_regex -i "/etc/squid/lists/porn.url"

# Redirection to 10.0.0.10
deny_info http://10.0.0.10/proxy/?cat=porn&url=%s porn

# Blocking access to porn (user will be redirected to the link above)
http_access deny all porn
-

It rocks!

Regards,
Luis Talora

Luiz Henrique Ozaki wrote:
> Hi,
>
> I'm using a DNSBL redirector that denies some sites redirecting to a
> warning page.
> How can I make denied sites from the redirector to get logged in the
> access.log as denied ??
>
> I'm using dnsbl on redirect_program ( http://www.frws.com/squid_block/).
>
> Is it possible to use external_acl_type with this redirector with a
> little modification making this 'redirector' like the squid ACLs ?
> Like when got a denied, gets a squid denied message and get logged in
> access.log.
>

--
[]'s
Luiz Henrique Ozaki

[squid-users] DNSBL Redirector
Hi,

I'm using a DNSBL redirector that denies some sites redirecting to a warning page.
How can I make denied sites from the redirector to get logged in the access.log as denied ??

I'm using dnsbl on redirect_program ( http://www.frws.com/squid_block/).

Is it possible to use external_acl_type with this redirector with a little modification making this 'redirector' like the squid ACLs ?
Like when got a denied, gets a squid denied message and get logged in access.log.

--
[]'s
Luiz Henrique Ozaki