Re: Fw: Re: [squid-users] squid error message
ons 2009-08-12 klockan 16:39 +1200 skrev Amos Jeffries: > The "Excess data from" is due to some clients pushing more data down > into Squid than they indicate in the HTTP headers. This is better known > as a data smuggling attack. I suggest you find out which clients are > doing this and why. Actually servers, but same principle. Regards Henrik
Re: Fw: Re: [squid-users] squid error message
Jigar Raval wrote: Hello, In continutation to my previous mail about squid cache error log, We have observed that this is happend due to port 80 forwarding to 3128 using iptables. We removed the line from iptables and the error is now not in cache log fine. We have blocked all the port 80 request through iptables. All the request must go through squid. We are using non-transparent proxy. Now, the other log entry in cache log which was previously not there httpReadReply: Excess data from as well as some of the time ALL dnsserver are busy this also appear in dns. We are using dns_server in squid.conf. Is it related to our chages to port 80 OR Any other problem ? We are trying to understand. How to resolve it ? This is two problems. The "Excess data from" is due to some clients pushing more data down into Squid than they indicate in the HTTP headers. This is better known as a data smuggling attack. I suggest you find out which clients are doing this and why. The second issue about "dnsserver" is due to an overload of the DNS helpers which are obsolete since Squid-2.3. http://wiki.squid-cache.org/Features/Dnsserver I would suggest using a current Squid without the --disable-internal-dns configure option. Regards Jigar --- On Wed, 7/22/09, Jigar Raval wrote: From: Jigar Raval Subject: Re: [squid-users] squid error message To: squid-users@squid-cache.org Cc: "Amos Jeffries" Date: Wednesday, July 22, 2009, 2:40 AM Hello, The cache log show following clientReadRequest: FD 277 (192.168.1.142:49241) Invalid Request Should i upgrade with new squid version ? Regards Jigar --- On Wed, 7/22/09, Amos Jeffries wrote: From: Amos Jeffries Subject: Re: [squid-users] squid error message To: "Jigar Raval" Cc: squid-users@squid-cache.org Date: Wednesday, July 22, 2009, 1:43 AM Jigar Raval wrote: Hello, We have configure squid and we are getting following type of erro in log file TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html This is especially appears to be related with windows vista update. We are getting lots of such error messages. What could be the reason ? How to solve this? Some client opened a TCP link to Squid. Started sending a HEAD request but before it finished sending the request headers it closed the link or died. This is no problem with Squid, but something bad at the client end or network between client and Squid. cache.log may have more info on what happened if anything more is known to Squid than a simple disconnection. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.10 or 3.1.0.11 -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
Fw: Re: [squid-users] squid error message
Hello, In continutation to my previous mail about squid cache error log, We have observed that this is happend due to port 80 forwarding to 3128 using iptables. We removed the line from iptables and the error is now not in cache log fine. We have blocked all the port 80 request through iptables. All the request must go through squid. We are using non-transparent proxy. Now, the other log entry in cache log which was previously not there httpReadReply: Excess data from as well as some of the time ALL dnsserver are busy this also appear in dns. We are using dns_server in squid.conf. Is it related to our chages to port 80 OR Any other problem ? We are trying to understand. How to resolve it ? Regards Jigar --- On Wed, 7/22/09, Jigar Raval wrote: > From: Jigar Raval > Subject: Re: [squid-users] squid error message > To: squid-users@squid-cache.org > Cc: "Amos Jeffries" > Date: Wednesday, July 22, 2009, 2:40 AM > Hello, > > The cache log show following > > > clientReadRequest: FD 277 (192.168.1.142:49241) Invalid > Request > > Should i upgrade with new squid version ? > > Regards > > Jigar > > > --- On Wed, 7/22/09, Amos Jeffries > wrote: > > > From: Amos Jeffries > > Subject: Re: [squid-users] squid error message > > To: "Jigar Raval" > > Cc: squid-users@squid-cache.org > > Date: Wednesday, July 22, 2009, 1:43 AM > > Jigar Raval wrote: > > > > > > Hello, > > > > > > We have configure squid and we are getting > following > > type of erro in log file > > > > > > TCP_DENIED/400 0 HEAD error:invalid-request - > NONE/- > > text/html > > > > > > This is especially appears to be related with > windows > > vista update. We are getting lots of such error > messages. > > > What could be the reason ? How to solve this? > > > > Some client opened a TCP link to Squid. Started > sending a > > HEAD request but before it finished sending the > request > > headers it closed the link or died. > > > > This is no problem with Squid, but something bad at > the > > client end or network between client and Squid. > > cache.log may have more info on what happened if > anything > > more is known to Squid than a simple disconnection. > > > > Amos > > -- Please be using > > Current Stable Squid 2.7.STABLE6 or > 3.0.STABLE16 > > Current Beta Squid 3.1.0.10 or > 3.1.0.11 > > > > > >
Re: [squid-users] squid error message
ons 2009-07-22 klockan 01:26 -0700 skrev Jigar Raval: > > Hello, > > We have configure squid and we are getting following type of erro in log file > > TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html cache.log may contain more information about the malformed request. Regards Henrik
Re: [squid-users] squid error message
Jigar Raval wrote: Hello, The cache log show following clientReadRequest: FD 277 (192.168.1.142:49241) Invalid Request Should i upgrade with new squid version ? I expect there will be no change. This is showing most of the signs of a broken client. But feel free if you wish to try something newer. Amos --- On Wed, 7/22/09, Amos Jeffries wrote: From: Amos Jeffries Subject: Re: [squid-users] squid error message To: "Jigar Raval" Cc: squid-users@squid-cache.org Date: Wednesday, July 22, 2009, 1:43 AM Jigar Raval wrote: Hello, We have configure squid and we are getting following type of erro in log file TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html This is especially appears to be related with windows vista update. We are getting lots of such error messages. What could be the reason ? How to solve this? Some client opened a TCP link to Squid. Started sending a HEAD request but before it finished sending the request headers it closed the link or died. This is no problem with Squid, but something bad at the client end or network between client and Squid. cache.log may have more info on what happened if anything more is known to Squid than a simple disconnection. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.10 or 3.1.0.11 -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.10 or 3.1.0.11
Re: [squid-users] squid error message
Hello, The cache log show following clientReadRequest: FD 277 (192.168.1.142:49241) Invalid Request Should i upgrade with new squid version ? Regards Jigar --- On Wed, 7/22/09, Amos Jeffries wrote: > From: Amos Jeffries > Subject: Re: [squid-users] squid error message > To: "Jigar Raval" > Cc: squid-users@squid-cache.org > Date: Wednesday, July 22, 2009, 1:43 AM > Jigar Raval wrote: > > > > Hello, > > > > We have configure squid and we are getting following > type of erro in log file > > > > TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- > text/html > > > > This is especially appears to be related with windows > vista update. We are getting lots of such error messages. > > What could be the reason ? How to solve this? > > Some client opened a TCP link to Squid. Started sending a > HEAD request but before it finished sending the request > headers it closed the link or died. > > This is no problem with Squid, but something bad at the > client end or network between client and Squid. > cache.log may have more info on what happened if anything > more is known to Squid than a simple disconnection. > > Amos > -- Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 > Current Beta Squid 3.1.0.10 or 3.1.0.11 >
Re: [squid-users] squid error message
Jigar Raval wrote: Hello, We have configure squid and we are getting following type of erro in log file TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html This is especially appears to be related with windows vista update. We are getting lots of such error messages. What could be the reason ? How to solve this? Some client opened a TCP link to Squid. Started sending a HEAD request but before it finished sending the request headers it closed the link or died. This is no problem with Squid, but something bad at the client end or network between client and Squid. cache.log may have more info on what happened if anything more is known to Squid than a simple disconnection. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.10 or 3.1.0.11
[squid-users] squid error message
Hello, We have configure squid and we are getting following type of erro in log file TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html This is especially appears to be related with windows vista update. We are getting lots of such error messages. What could be the reason ? How to solve this? Regards Jigar