[squid-users] Squid 3.1.12.1 . Segmentation fault .
c|tiff|pdf|uxx)$ 26 90% 260009 override-expire # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_effective_user squid cache_effective_group squid half_closed_clients off buffered_logs on client_db off quick_abort_max 0 KB quick_abort_min 0 KB memory_pools off cache_swap_high 95% cache_swap_low 90 logfile_rotate 10 visible_hostnamecache.x.com cache_mgr i...@x.com quick_abort_min 32 KB quick_abort_max 32 KB quick_abort_pct 95 negative_ttl 3 minutes positive_dns_ttl 6 hours pipeline_prefetch on acl snmpkey snmp_community public snmp_port 3401 snmp_access allow snmpkey localhost snmp_access deny all debug_options ALL,6 Yours Faithfully, --- Amir H Shenavandeh
Re: [squid-users] squid 3.1.
Hi Amos, Thanks for your time and nice comments on the config file It is impossible for me to use "debug_options ALL,6" under such load. log file grows wildly and easily eats the whole hard disk ! Any other solutions to capture the log? Yours Faithfully, --- Amir H Shenavandeh On 11 June 2011 10:35, Amos Jeffries wrote: > On 11/06/11 05:39, Shenavandeh wrote: >> >> Hi, >> >> I have a squid installation that crashes twice a day under the load of >> 7 Mbps bandwidth with the following message in squid.out with no >> specific traces in cache.log >> >> Startup: Fri Jun 10 15:46:20 >> dying from an unhandled exception: !theConsumer >> terminate called after throwing an instance of 'TextException' >> what(): !theConsumer >> Startup: Fri Jun 10 19:55:29 >> >> It is compiled using following options: >> sbin]# ./squid -v >> Squid Cache: Version 3.1.12.1 >> configure options: '--enable-linux-netfilter' >> '--enable-storeio=ufs,aufs' '--enable-poll' >> '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' >> '--enable-ssl' '--enable-snmp' '--enable-removal-policies' >> '--enable-gnuregex' '--with-large-files' '--enable-async-io' >> 'CFLAGS=-DNUMTHREADS=300' --with-squid=/root/squid-3.1.12.1 >> --enable-ltdl-convenience >> >> the platform is as follows: >> >> CPU :4 cores of Intel(R) Xeon(R) CPU E5504 @ 2.00GHz >> RAM : 8GB >> OS: CentOS 5.6 : >> Kernel: Linux version 2.6.25 compiled with tproxy option. >> >> the Squid configuration: >> >> cache_mem 4000 MB >> >> dead_peer_timeout 30 seconds >> hierarchy_stoplist cgi-bin ? >> acl QUERY urlpath_regex cgi-bin \? >> no_cache deny QUERY > > hierarchy_stoplist and the QUERY bits are outdated. It is worth removing > these. > >> >> maximum_object_size 50 MB >> maximum_object_size_in_memory 500 KB >> minimum_object_size 0 KB >> >> cache_replacement_policy heap LFUDA >> memory_replacement_policy heap LRU >> >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 ::1 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >> >> >> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network >> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network >> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network >> acl localnet src fc00::/7 # RFC 4193 local private network range >> acl localnet src fe80::/10 # RFC 4291 link-local (directly >> plugged) machines >> >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> >> http_access allow manager localhost >> http_access deny manager >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access allow to_localhost > > This is dangerous. > to_localhost is designed to match a class of attack signatures and prevent > DoS. It is intended for use in a "deny" line. > >> >> >> http_access allow localhost >> http_access allow localnet >> http_access allow to_localhost > > A second "allow to_localhost" is useless. The first will stop processing > when it gets tested and matches. > >> >> http_access deny all >> >> http_port 3128 tproxy >> >> hierarchy_stoplist cgi-bin ? > > repeat directive, worth removing. > >> >> cache_dir aufs /cache 24000 16 256 >> >> coredump_dir cache >> >> # Add any of your own refresh_pattern entries above these. >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern . 0 20% 4320 >> >> cache_effective_user squid >> cache_effective_group squid >> >> half_closed_clients off >> buffered_logs on >> client_db off >> quick_abort_max 0 KB >> quick_abort_min 0 KB >> memory_pools off >> >&g
[squid-users] squid 3.1.
Hi, I have a squid installation that crashes twice a day under the load of 7 Mbps bandwidth with the following message in squid.out with no specific traces in cache.log Startup: Fri Jun 10 15:46:20 dying from an unhandled exception: !theConsumer terminate called after throwing an instance of 'TextException' what(): !theConsumer Startup: Fri Jun 10 19:55:29 It is compiled using following options: sbin]# ./squid -v Squid Cache: Version 3.1.12.1 configure options: '--enable-linux-netfilter' '--enable-storeio=ufs,aufs' '--enable-poll' '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' '--enable-ssl' '--enable-snmp' '--enable-removal-policies' '--enable-gnuregex' '--with-large-files' '--enable-async-io' 'CFLAGS=-DNUMTHREADS=300' --with-squid=/root/squid-3.1.12.1 --enable-ltdl-convenience the platform is as follows: CPU :4 cores of Intel(R) Xeon(R) CPU E5504 @ 2.00GHz RAM : 8GB OS: CentOS 5.6 : Kernel: Linux version 2.6.25 compiled with tproxy option. the Squid configuration: cache_mem 4000 MB dead_peer_timeout 30 seconds hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY maximum_object_size 50 MB maximum_object_size_in_memory 500 KB minimum_object_size 0 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap LRU acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8# RFC1918 possible internal network acl localnet src 172.16.0.0/12# RFC1918 possible internal network acl localnet src 192.168.0.0/16# RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow to_localhost http_access allow localhost http_access allow localnet http_access allow to_localhost http_access deny all http_port 3128 tproxy hierarchy_stoplist cgi-bin ? cache_dir aufs /cache 24000 16 256 coredump_dir cache # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern -i (/cgi-bin/|\?) 00%0 refresh_pattern .020%4320 cache_effective_user squid cache_effective_group squid half_closed_clients off buffered_logs on client_db off quick_abort_max 0 KB quick_abort_min 0 KB memory_pools off cache_swap_high 95% cache_swap_low 90 logfile_rotate 10% visible_hostnameCache quick_abort_min 32 KB quick_abort_max 32 KB quick_abort_pct 95 negative_ttl 3 minutes positive_dns_ttl 6 hours pipeline_prefetch on acl snmpkey snmp_community public snmp_port 3401 snmp_access allow snmpkey localhost snmp_access deny all refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ 26 90% 260009 override-expire refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 26 90% 260009 override-expire I would be most grateful if somebody helps me out. Yours Faithfully, --- Amir H Sh
