Hi,

We are running two squid proxies, one with RedHat 8.0 and the other with RedHat 9.0, both with default kernels.

Interscan viruswall ver. 3.8 is also running on both the proxies and is acting as parent proxy for the squid proxies.

The squid version and config parameters are as given below.

# /usr/local/squid/sbin/squid -v
Squid Cache: Version 2.5.STABLE3
configure options:  --enable-async-io --enable-carp


The hardware configs of both the proxies are exactly the same (HP DL 580, 16GB RAM, 4 x 72 GB HDD). There are three cache directories of 60 GB disk space each (three partitions /cache1, /cache2 and /cache3 with reiserfs FS) on each proxy, i.e. a total of 180GB cache.


For the last few days we have been facing a very strange problem, as described below.

Whenever a user tries to access a few sites, e.g. www.google.com, www.rediff.com, www.indiatimes.com, www.yahoo.com and many more, all s/he gets is the coolsavings.com web page.

We suspected some adware might have been installed on the local client machine, so we cleared all local cache, cookies etc. and tried again, but the problem continued. We then tried through lynx and links from linux desktops and the problem persisted there also.

We then stopped squid, cleared the cache and restarted again. It worked for a few minutes but again the whole thing started, with users only able to see coolsavings.com pages.

We then stopped squid entirely and diverted all user traffic through viruswall acting as a proxy and it worked fine. We then recompiled squid with storeio as null option and started squid without caching enabled and it worked fine.

But since we could not work without cache and could not use viruswall as proxy, we had to find another solution. We then blocked coolsavings.com on the proxy with IPTABLES rules and it resolved the problem.

To understand the problem we removed the IPTABLES rules, cleared the cache again and put ethereal on a client machine. When the problem reoccurred we captured the entire TCP stream. We again cleared the cache and opened the page captured, which immediately reproduced the problem. The problem was also reproduced on all other client machines accessing the proxy.

Strangely, I have not been able to reproduce the problem on any other squid proxy running the same version of squid (diff hardware config but same squid.conf).


Now I have again put the firewall rules and everything is working fine but I'm unable to find the cause of the problem.



Kindly help



Regards Vikram
