[squid-users] Memory usage TIP !!!
Im using AS4.0 Kernel 2.6.16.20 and my uptime is 11 days... Ive notice that the memory usage only increase, increase and didnt get free. Googling i found this: Writing to this will cause the kernel to drop clean caches, dentries and inodes from memory, causing that memory to become free. To free pagecache: * echo 1 > /proc/sys/vm/drop_caches To free dentries and inodes: * echo 2 > /proc/sys/vm/drop_caches To free pagecache, dentries and inodes: * echo 3 > /proc/sys/vm/drop_caches As this is a non-destructive operation and dirty objects are not freeable, the user should run "sync" first. = My system with 5 days uptime got 50MB free, doing a sync and then echo 3 > /proc/sys/vm/drop_caches frees all the memory making 1683452k free memory =D It free all the cached memory shown in "top". -- []'s Luiz Henrique Ozaki
Re: [squid-users] External ACL allowing denied sites
Oh... just find it what it was... I added some syslog into the helper and the problem is in the helper not in squid... =D Soon im gonna publish this external_acl based on DNS in sf.net =] On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote: Well, it just worked a few minutes and then started allowing denied sites... On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote: > squid -k rotate didnt worked... > > service squid restart, now the external acl is working. > > Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? > > > On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > > > > > This site should be denied... What it should be ?? > > > It was working but now started allowing denied sites... uptime is 5 > > > days, i think restarting the server or squid should resolve the > > > problem... But id like to know what it would be causing this issue. > > > > My guess is some bug in the helper making it start return wrong > > information to Squid after some time. I would suggest you add some tracing > > to the helper to determine more exactly what it's doing and why it returns > > OK... > > > > Note: A "squid -k rotate" will restart the helper, but any cached results > > will still be used by Squid subject to your ttl settings in > > external_acl_type. > > > > Regards > > Henrik > > > > > -- > []'s > Luiz Henrique Ozaki > -- []'s Luiz Henrique Ozaki -- []'s Luiz Henrique Ozaki
Re: [squid-users] External ACL allowing denied sites
Well, it just worked a few minutes and then started allowing denied sites... On 7/6/06, Luiz Henrique Ozaki <[EMAIL PROTECTED]> wrote: squid -k rotate didnt worked... service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > > > This site should be denied... What it should be ?? > > It was working but now started allowing denied sites... uptime is 5 > > days, i think restarting the server or squid should resolve the > > problem... But id like to know what it would be causing this issue. > > My guess is some bug in the helper making it start return wrong > information to Squid after some time. I would suggest you add some tracing > to the helper to determine more exactly what it's doing and why it returns > OK... > > Note: A "squid -k rotate" will restart the helper, but any cached results > will still be used by Squid subject to your ttl settings in > external_acl_type. > > Regards > Henrik > -- []'s Luiz Henrique Ozaki -- []'s Luiz Henrique Ozaki
Re: [squid-users] External ACL allowing denied sites
squid -k rotate didnt worked... service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? On 7/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > This site should be denied... What it should be ?? > It was working but now started allowing denied sites... uptime is 5 > days, i think restarting the server or squid should resolve the > problem... But id like to know what it would be causing this issue. My guess is some bug in the helper making it start return wrong information to Squid after some time. I would suggest you add some tracing to the helper to determine more exactly what it's doing and why it returns OK... Note: A "squid -k rotate" will restart the helper, but any cached results will still be used by Squid subject to your ttl settings in external_acl_type. Regards Henrik -- []'s Luiz Henrique Ozaki
[squid-users] External ACL allowing denied sites
Hi,
Im using a home-made modification of dnsbl_redir for external_acl_type
instead of redirector.
In squid.conf:
external_acl_type dnsbl ttl=60 children=4 %DST %SRC %IDENT %METHOD
/usr/local/bin/dnsbl_redir
acl policy external dnsbl
http_access allow rede10 policy
Here goes the cache.log:
2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| external_acl_cache_lookup: 'www.brookeburn.com
10.9.0.10 - GET' = expired
2006/07/05 07:04:05| aclMatchExternal: dnsbl("www.brookeburn.com
10.9.0.10 - GET") = lookup needed
2006/07/05 07:04:05| aclMatchAclList: no match, returning 0
2006/07/05 07:04:05| externalAclLookup: lookup in 'dnsbl' for
'www.brookeburn.com 10.9.0.10 - GET'
2006/07/05 07:04:05| cbdataLock: 0x1b815ee8
2006/07/05 07:04:05| cbdataLock: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x17ebe158
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| comm_write: FD 9: sz 35: hndl (nil): data (nil).
2006/07/05 07:04:05| commSetSelect: FD 9 type
2006/07/05 07:04:05| helperDispatch: Request sent to dnsbl #1, 35 bytes
2006/07/05 07:04:05| helperSubmit: www.brookeburn.com 10.9.0.10 - GET
2006/07/05 07:04:05| external_acl_cache_add: Adding
'www.brookeburn.com 10.9.0.10 - GET' = -1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0xae278e8
2006/07/05 07:04:05| comm_close: FD 36
2006/07/05 07:04:05| cbdataFree: 0x842e918
2006/07/05 07:04:05| cbdataFree: 0x842e918 has 2 locks, not freeing
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| fd_close FD 36 ident
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| cbdataUnlock: Freeing 0x842e918
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for writing
2006/07/05 07:04:05| commHandleWrite: FD 9: off 0, sz 35.
2006/07/05 07:04:05| commHandleWrite: write() returns 35
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for reading
2006/07/05 07:04:05| cbdataValid: 0x823aa18
2006/07/05 07:04:05| helperHandleRead: 3 bytes from dnsbl #1.
2006/07/05 07:04:05| commSetSelect: FD 9 type 1
2006/07/05 07:04:05| helperHandleRead: end of reply found
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| externalAclHandleReply: reply="OK"
2006/07/05 07:04:05| cbdataValid: 0x1b815ee8
2006/07/05 07:04:05| external_acl_cache_add: Adding
'www.brookeburn.com 10.9.0.10 - GET' = 1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0x1b815ee8
2006/07/05 07:04:05| cbdataValid: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x103951a0
2006/07/05 07:04:05| cbdataValid: 0x821fde0
2006/07/05 07:04:05| aclCheck: checking 'http_access allow rede10 policy'
2006/07/05 07:04:05| aclMatchAclList: checking rede10
2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| cbdataValid: 0x103951a0
2006/07/05 07:04:05| cbdataUnlock: 0x103951a0
2006/07/05 07:04:05| aclMatchExternal: dnsbl = 1
2006/07/05 07:04:05| aclMatchAclList: returning 1
2006/07/05 07:04:05| aclCheck: match found, returning 1
2006/07/05 07:04:05| cbdataUnlock: 0x821fde0
2006/07/05 07:04:05| aclCheckCallback: answer=1
2006/07/05 07:04:05| cbdataValid: 0xcd0c160
2006/07/05 07:04:05| The request GET http://www.brookeburn.com/ is
ALLOWED, because it matched 'policy'
Resuming, externalAclHandleReply: reply="OK". But when i do:
echo "www.brookeburn.com 10.9.0.10 - GET" | /usr/local/bin/dnsbl_redir
ERR
This site should be denied... What it should be ??
It was working but now started allowing denied sites... uptime is 5
days, i think restarting the server or squid should resolve the
problem... But id like to know what it would be causing this issue.
Regards,
--
[]'s
Luiz Henrique Ozaki
[squid-users] External ACL allowing denied sites
Hi,
Im using a home-made modification of dnsbl_redir for external_acl_type
instead of redirector.
In squid.conf:
external_acl_type dnsbl ttl=60 children=4 %DST %SRC %IDENT %METHOD
/usr/local/bin/dnsbl_redir
acl policy external dnsbl
http_access allow rede10 policy
Here goes the cache.log:
2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| external_acl_cache_lookup: 'www.brookeburn.com
10.9.0.10 - GET' = expired
2006/07/05 07:04:05| aclMatchExternal: dnsbl("www.brookeburn.com
10.9.0.10 - GET") = lookup needed
2006/07/05 07:04:05| aclMatchAclList: no match, returning 0
2006/07/05 07:04:05| externalAclLookup: lookup in 'dnsbl' for
'www.brookeburn.com 10.9.0.10 - GET'
2006/07/05 07:04:05| cbdataLock: 0x1b815ee8
2006/07/05 07:04:05| cbdataLock: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x17ebe158
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| comm_write: FD 9: sz 35: hndl (nil): data (nil).
2006/07/05 07:04:05| commSetSelect: FD 9 type
2006/07/05 07:04:05| helperDispatch: Request sent to dnsbl #1, 35 bytes
2006/07/05 07:04:05| helperSubmit: www.brookeburn.com 10.9.0.10 - GET
2006/07/05 07:04:05| external_acl_cache_add: Adding
'www.brookeburn.com 10.9.0.10 - GET' = -1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0xae278e8
2006/07/05 07:04:05| comm_close: FD 36
2006/07/05 07:04:05| cbdataFree: 0x842e918
2006/07/05 07:04:05| cbdataFree: 0x842e918 has 2 locks, not freeing
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| fd_close FD 36 ident
2006/07/05 07:04:05| cbdataUnlock: 0x842e918
2006/07/05 07:04:05| cbdataUnlock: Freeing 0x842e918
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for writing
2006/07/05 07:04:05| commHandleWrite: FD 9: off 0, sz 35.
2006/07/05 07:04:05| commHandleWrite: write() returns 35
2006/07/05 07:04:05| comm_poll: 1+0 FDs ready
2006/07/05 07:04:05| comm_poll: FD 9 ready for reading
2006/07/05 07:04:05| cbdataValid: 0x823aa18
2006/07/05 07:04:05| helperHandleRead: 3 bytes from dnsbl #1.
2006/07/05 07:04:05| commSetSelect: FD 9 type 1
2006/07/05 07:04:05| helperHandleRead: end of reply found
2006/07/05 07:04:05| cbdataValid: 0x17ebe158
2006/07/05 07:04:05| externalAclHandleReply: reply="OK"
2006/07/05 07:04:05| cbdataValid: 0x1b815ee8
2006/07/05 07:04:05| external_acl_cache_add: Adding
'www.brookeburn.com 10.9.0.10 - GET' = 1
2006/07/05 07:04:05| external_acl_cache_add: updating existing entry
2006/07/05 07:04:05| cbdataUnlock: 0x1b815ee8
2006/07/05 07:04:05| cbdataValid: 0xae278e8
2006/07/05 07:04:05| cbdataLock: 0x103951a0
2006/07/05 07:04:05| cbdataValid: 0x821fde0
2006/07/05 07:04:05| aclCheck: checking 'http_access allow rede10 policy'
2006/07/05 07:04:05| aclMatchAclList: checking rede10
2006/07/05 07:04:05| aclMatchAcl: checking 'acl rede10 src 10.0.0.0/255.0.0.0'
2006/07/05 07:04:05| aclMatchIp: '10.9.0.10' found
2006/07/05 07:04:05| aclMatchAclList: checking policy
2006/07/05 07:04:05| aclMatchAcl: checking 'acl policy external dnsbl'
2006/07/05 07:04:05| aclMatchExternal: acl="dnsbl"
2006/07/05 07:04:05| cbdataValid: 0x103951a0
2006/07/05 07:04:05| cbdataUnlock: 0x103951a0
2006/07/05 07:04:05| aclMatchExternal: dnsbl = 1
2006/07/05 07:04:05| aclMatchAclList: returning 1
2006/07/05 07:04:05| aclCheck: match found, returning 1
2006/07/05 07:04:05| cbdataUnlock: 0x821fde0
2006/07/05 07:04:05| aclCheckCallback: answer=1
2006/07/05 07:04:05| cbdataValid: 0xcd0c160
2006/07/05 07:04:05| The request GET http://www.brookeburn.com/ is
ALLOWED, because it matched 'policy'
Resuming, externalAclHandleReply: reply="OK". But when i do:
echo "www.brookeburn.com 10.9.0.10 - GET" | /usr/local/bin/dnsbl_redir
ERR
This site should be denied... What it should be ??
It was working but now started allowing denied sites... uptime is 5
days, i think restarting the server or squid should resolve the
problem... But id like to know what it would be causing this issue.
Regards,
--
[]'s
Luiz Henrique Ozaki
Re: [squid-users] DNSBL Redirector
Ive got it... external_acl_type dnsbl children=10 %DST %SRC %IDENT %METHOD /usr/local/bin/dnsbl_redir2 acl policy external dnsbl http_access allow rede10 policy http_access allow rede200-1 policy http_access allow rede200-2 policy I dont want to use url_regex regarding performance issues. Im using a DNS Black-List that is much faster. Thanks On 6/12/06, "Luís Fernando C. Talora" <[EMAIL PROTECTED]> wrote: Instead of using redirectores, I use "deny_info" on squid.conf (much easier), as follows: - # Declaration of the ACL for Pornography acl porn url_regex -i "/etc/squid/lists/porn.url" # Redirection to 10.0.0.10 deny_info http://10.0.0.10/proxy/?cat=porn&url=%s porn # Blocking access to porn (user will be redirected to the link above) http_access deny all porn - It rocks! Regards, Luis Talora Luiz Henrique Ozaki escreveu: > Hi, > > Im using a DNSBL redirector that denies some sites redirecting to a > warning page. > How can I make denied sites from the redirector to get logged in the > access.log as denied ?? > > Im using dnsbl on redirect_program ( http://www.frws.com/squid_block/). > > Is it possible to use external_acl_type with this redirector with a > little modification making this 'redirector' like the squid ACLs ? > Like when got a denied, gets a squid denied message and get logged in > access.log. > -- []'s Luiz Henrique Ozaki
[squid-users] DNSBL Redirector
Hi, Im using a DNSBL redirector that denies some sites redirecting to a warning page. How can I make denied sites from the redirector to get logged in the access.log as denied ?? Im using dnsbl on redirect_program ( http://www.frws.com/squid_block/). Is it possible to use external_acl_type with this redirector with a little modification making this 'redirector' like the squid ACLs ? Like when got a denied, gets a squid denied message and get logged in access.log. -- []'s Luiz Henrique Ozaki
