[squid-users] blog entry on core Squid concepts

2013-03-17 Thread Kent Tong 
Hi,

I've written a blog entry on Squid:
http://kenttongmo.blogspot.com/2013/03/concepts-of-squid.html

If it is considered useful, would an authorized editor like to add a link
to it from the Squid wiki?

Thanks!

-- 
Kent Tong
IT author and consultant, child education coach

Re: [squid-users] blog entry on core Squid concepts

2013-03-17 Thread Kinkie 
Hi Kent,
 thanks :)
I've referenced your article from http://wiki.squid-cache.org/ExternalLinks

On Sun, Mar 17, 2013 at 11:39 AM, Kent Tong kent.tong...@gmail.com wrote:
 Hi,

 I've written a blog entry on Squid:
 http://kenttongmo.blogspot.com/2013/03/concepts-of-squid.html

 If it is considered useful, would an authorized editor like to add a link
 to it from the Squid wiki?

 Thanks!

 --
 Kent Tong
 IT author and consultant, child education coach



--
/kinkie

Re: [squid-users] Blacklist Service for Squid Proxy - Squidblacklist.org

2013-03-17 Thread Eliezer Croitoru 

A very nice idea.
can you please share how do you collect these lists?

Best regards,
Eliezer

On 3/17/2013 4:00 AM, Squidblacklist wrote:



  I am inviting you all to squidblacklist.org, a new service
   specializing in blacklists formatted specifically for use with squid
   proxy integrated acl support. Your criticism and contributions are
   not only welcomed, but requisite for success.


   Thank you.


   Signed.

   Fix Nichols

   http://squidblacklist.org

[squid-users] squid Basic authentication

2013-03-17 Thread hadi 
Some body help me with my setup please.


Im using squid-3.1.23 trying to configure username/password for
authentication with local user's (getpwname_auth). It popup for
authentication but when I supply username and password doesn't work.
Please help regard this matter.
May squid.conf

auth_param basic program /usr/local/squid/libexec/getpwname_auth
auth_param basic utf8 off
auth_param basic children 15 start=1 idle=1 
auth_param basic realm Squid proxy Server at proxy.bigmama.com 
auth_param basic credentialsttl 4 hours 
auth_param basic casesensitive off 
acl authenticated proxy_auth REQUIRED
http_access allow authenticated 
http_access deny all

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # should be
allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network acl
localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
machines
acl lan src 192.168.0.0/24  # my lan
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost http_access allow lan
http_access allow manager localhost http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports http_access deny CONNECT
!SSL_ports

# We strongly recommend the following be uncommented to protect innocent #
web applications running on the proxy server who think the only # one who
can access services on localhost is a local user #http_access deny
to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks #
from where browsing should be allowed http_access allow localnet http_access
allow localhost

# And finally deny all other access to this proxy http_access deny all

# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache 1000 16 256 cache_mem 50 MB

# Leave coredumps in the first cache dir coredump_dir
/usr/local/squid/var/cache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320
visible_hostname host1.bigmama.com
cache_effective_user squid
cache_effective_group squid

access.log
1362861900.377  1 192.168.0.1 TCP_DENIED/407 4175 GET
http://www.google.com/ - NONE/- text/html
1362861903.039  1 192.168.0.1 TCP_DENIED/407 4282 GET
http://www.google.com/ hadi NONE/- text/html
1362861905.676  1 192.168.0.1 TCP_DENIED/407 4297 GET
http://www.google.com/ hadi NONE/- text/html
1362861931.381  1 192.168.0.1 TCP_DENIED/407 4318 GET
http://www.google.com/ root NONE/- text/html More error logs from cache with
set to debug_options ALL,2 29
2013/03/16 01:41:02.758| ConnStateData::swanSong: FD 12
2013/03/16 01:41:22.128| The request CONNECT www.hotmail.com:443 is DENIED,
because it matched 'auth'
2013/03/16 01:41:22.128| errorpage.cc(1075) BuildContent: No existing error
page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default error
file.
2013/03/16 01:41:22.128| The reply for CONNECT www.hotmail.com:443 is
ALLOWED, because it matched 'auth'
2013/03/16 01:41:22.130| ConnStateData::swanSong: FD 14
2013/03/16 01:41:22.133| The request CONNECT www.hotmail.com:443 is DENIED,
because it matched 'auth'
2013/03/16 01:41:22.133| errorpage.cc(1075) BuildContent: No existing error
page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default error
file.
2013/03/16 01:41:22.134| The reply for CONNECT www.hotmail.com:443 is
ALLOWED, because it matched 'auth'
2013/03/16 01:41:22.135| connReadWasError: FD 14: got flag -1
2013/03/16 01:41:22.135| ConnStateData::swanSong: FD 14

[squid-users] Re: squid_kerb_auth problem after upgrade from 2.x to 3.1.10

2013-03-17 Thread Markus Moeller 

Hi Alex,

  The test you do is not a valid test for the Kerberos  authentication 
helper. The input is a Kerberos token which you can create with the tool 
provided by issuing:


kinit user@DOMAIN

and

./squid_kerb_auth_test squid-fqdn
Token: 
YIICigYGKwYBBQUCoIICfjCCAnqgJzAlBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgIGBisGAQUCBaKCAk0EggJJYIICRQYJKoZIhvcSAQICAQBuggI0MIICMKADAgEFoQMCAQ6iBwMFAACjggFeYYIBWjCCAVagAwIBBaELGwlTVVNFLkhPTUWiJzAloAMCAQOhHjAcGwRIVFRQGxRvcGVuc3VzZTEyLnN1c2UuaG9tZaOCARcwggEToAMCARehAwIBBKKCAQUEggEB5XHlcxE1U21wxlbr9X6mn6s8m5RBxj2aJlbD3FKo91TfE5g4dPLeSXNZ3ZkIONUIhvXuDdr+aa/JI5QD256Ft6tpAhDRjighade9p6IMhHjwcdF5+/aUNTPKJWApVuqT57QhoJk4WhNQdvgtwQn9AwyroVCm0dBdnqxnIFmOWQTXA1aSnbWEih0DLWOpYG30cYK53Eue3ZllXmANyQg7Sviq5JqMtN2+JnZ/0PZh+Jc8tzG0XGkDXYoLuTan6MngUwEi/KicbjowvrSdMebq7AE/w3Hy9ZNaNujuysmgsg2RLjUbtcmsB0nSdSwJ7mpeVPY+vKZ7vDBCnBmtlTLmggGkgbgwgbWgAwIBF6KBrQSBqucRLWoMg2Q9cyrCKlYaULBD19rkFSjStKByb0i3Wn4aGlGsx+BEkwX60pSGtGzX0THws/ibRWe5I4vQtMwlofMHuxki8jcwpDZySMzgIORqU6nN6UeoaAUyVThr6DTeQJdzWTXsS7+vSP70PkAB0HJtDSgUqP3Gxrx66zXgq2WkewVTwiOAox4M6ae0bKGicpQZH0hOpet2l4H3H/c2UeJPppdhDzuraIjc


With that token you can test squid_kerb_auth i.e.
export KRB5_KTNAME=path to squid.keytab
./squid_kerb_auth -d -s HTTP/srvproxy.xxx.local
YR 
YIICigYGKwYBBQUCoIICfjCCAnqgJzAlBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgIGBisGAQUCBaKCAk0EggJJYIICRQYJKoZIhvcSAQICAQBuggI0MIICMKADAgEFoQMCAQ6iBwMFAACjggFeYYIBWjCCAVagAwIBBaELGwlTVVNFLkhPTUWiJzAloAMCAQOhHjAcGwRIVFRQGxRvcGVuc3VzZTEyLnN1c2UuaG9tZaOCARcwggEToAMCARehAwIBBKKCAQUEggEB5XHlcxE1U21wxlbr9X6mn6s8m5RBxj2aJlbD3FKo91TfE5g4dPLeSXNZ3ZkIONUIhvXuDdr


How does cache.log look like when you get the auth error wih squid ?

Regards
Markus


Almot alex.ab...@gmail.com wrote in message 
news:1362987551354-4658936.p...@n4.nabble.com...

Hello, previous version 2.x worked fine.
OS: Centos 6.3, kinit pass fine - Authenticated to Kerberos v5


When i upgraded to 3.1.10 i got error in cache.log

authenticateNegotiateHandleReply: Error validating user via Negotiate. 
Error
returned 'BH gss_acquire_cred() failed: Unspecified GSS failure.  Minor 
code

may provide more information.

I tried check helper


/usr/lib/squid/squid_kerb_auth -s HTTP/srvproxy.xxx.local@XX.LOCAL -d
user pass
2013/03/11 11:34:03| squid_kerb_auth: DEBUG: Got 'user pass' from squid
(length: 17).
2013/03/11 11:34:03| squid_kerb_auth: ERROR: Invalid request [aabaev
asban81K27]
BH Invalid request


I do debug

-
1689  execve(/usr/lib/squid/squid_kerb_auth,
[/usr/lib/squid/squid_kerb_auth, -s, -d,
HTTP/srvproxy.7flowers.local@7FL...], [/* 23 vars */]) = 0
1689  brk(0)= 0x1cc7000
1689  mmap2(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1,

0) = 0xb7781000
1689  access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
1689  open(/etc/ld.so.cache, O_RDONLY) = 3
1689  fstat64(3, {st_mode=S_IFREG|0644, st_size=29287, ...}) = 0
1689  mmap2(NULL, 29287, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7779000
1689  close(3)  = 0
1689  open(/lib/libgssapi_krb5.so.2, O_RDONLY) = 3
1689  read(3,
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360m\0\0004\0\0\0..., 
512)

= 512
1689  fstat64(3, {st_mode=S_IFREG|0755, st_size=262124, ...}) = 0
1689  mmap2(NULL, 261128, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
3,

0) = 0xdb2000
1689  mmap2(0xdf, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3e) = 0xdf
1689  close(3)  = 0
1689  open(/lib/libkrb5.so.3, O_RDONLY) = 3
1689  read(3,
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\t\1\0004\0\0\0...,
512) = 512
1689  fstat64(3, {st_mode=S_IFREG|0755, st_size=901552, ...}) = 0
1689  mmap2(NULL, 904716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
3,

0) = 0x4a5000
1689  mmap2(0x57b000, 28672, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd5) = 0x57b000
1689  close(3)  = 0
1689  open(/lib/libk5crypto.so.3, O_RDONLY) = 3
1689  read(3,
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340*\0\0004\0\0\0..., 
512)

= 512
1689  fstat64(3, {st_mode=S_IFREG|0755, st_size=169712, ...}) = 0
1689  mmap2(NULL, 172056, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
3,

0) = 0xec3000
1689  mmap2(0xeeb000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28) = 0xeeb000
1689  mmap2(0xeed000, 24, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xeed000
1689  close(3)  = 0
1689  open(/lib/libcom_err.so.2, O_RDONLY) = 3
1689  read(3,
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\16\0\0004\0\0\0..., 
512)

= 512
1689  fstat64(3, {st_mode=S_IFREG|0755, st_size=13836, ...}) = 0
1689  mmap2(NULL, 16596, PROT_READ|PROT_EXEC,

Re: [squid-users] how to decode incoming request and header

2013-03-17 Thread Alex Rousskov 
On 03/16/2013 12:00 PM, Masih Nazari wrote:

 is there any way to send custom header to squid and squid replace
 custom header with request url?

Yes, Squid can adapt (modify) requests that it forwards, including the
Request URI part of the request. Please see

   http://wiki.squid-cache.org/SquidFaq/ContentAdaptation

for a discussion of various options available for that. Please note that
you will probably need to modify the Host header as well as the Request URI.


HTH,

Alex.

[squid-users] RE: squid Basic authentication

2013-03-17 Thread hadi 
It work form me after reading this thread.
http://www.squid-cache.org/mail-archive/squid-users/200803/0496.html

I have convert back shadow to /etc/passwd 
With /usr/sbin/pwunconv

Thanks and regards 
Hadi 

-Original Message-
From: hadi [mailto:almarzuki2...@hotmail.com] 
Sent: Sunday, March 17, 2013 7:53 PM
To: 'squid-users@squid-cache.org'
Subject: squid Basic authentication

Some body help me with my setup please.


Im using squid-3.1.23 trying to configure username/password for
authentication with local user's (getpwname_auth). It popup for
authentication but when I supply username and password doesn't work.
Please help regard this matter.
May squid.conf

auth_param basic program /usr/local/squid/libexec/getpwname_auth
auth_param basic utf8 off
auth_param basic children 15 start=1 idle=1 auth_param basic realm Squid
proxy Server at proxy.bigmama.com auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off acl authenticated proxy_auth REQUIRED
http_access allow authenticated http_access deny all

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # should be
allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network acl
localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
machines
acl lan src 192.168.0.0/24  # my lan
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost http_access allow lan
http_access allow manager localhost http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports http_access deny CONNECT
!SSL_ports

# We strongly recommend the following be uncommented to protect innocent #
web applications running on the proxy server who think the only # one who
can access services on localhost is a local user #http_access deny
to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks #
from where browsing should be allowed http_access allow localnet http_access
allow localhost

# And finally deny all other access to this proxy http_access deny all

# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache 1000 16 256 cache_mem 50 MB

# Leave coredumps in the first cache dir coredump_dir
/usr/local/squid/var/cache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320
visible_hostname host1.bigmama.com
cache_effective_user squid
cache_effective_group squid

access.log
1362861900.377  1 192.168.0.1 TCP_DENIED/407 4175 GET
http://www.google.com/ - NONE/- text/html
1362861903.039  1 192.168.0.1 TCP_DENIED/407 4282 GET
http://www.google.com/ hadi NONE/- text/html
1362861905.676  1 192.168.0.1 TCP_DENIED/407 4297 GET
http://www.google.com/ hadi NONE/- text/html
1362861931.381  1 192.168.0.1 TCP_DENIED/407 4318 GET
http://www.google.com/ root NONE/- text/html More error logs from cache with
set to debug_options ALL,2 29
2013/03/16 01:41:02.758| ConnStateData::swanSong: FD 12
2013/03/16 01:41:22.128| The request CONNECT www.hotmail.com:443 is DENIED,
because it matched 'auth'
2013/03/16 01:41:22.128| errorpage.cc(1075) BuildContent: No existing error
page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default error
file.
2013/03/16 01:41:22.128| The reply for CONNECT www.hotmail.com:443 is
ALLOWED, because it matched 'auth'
2013/03/16 01:41:22.130| ConnStateData::swanSong: FD 14
2013/03/16 01:41:22.133| The request CONNECT www.hotmail.com:443 is DENIED,
because it matched 'auth'
2013/03/16 01:41:22.133| errorpage.cc(1075) BuildContent: No existing error
page language negotiated for ERR_CACHE_ACCESS_DENIED. Using default error

Re: [squid-users] RE: squid Basic authentication

2013-03-17 Thread Amos Jeffries 

On 18/03/2013 9:58 a.m., hadi wrote:

It work form me after reading this thread.
http://www.squid-cache.org/mail-archive/squid-users/200803/0496.html


Shadow file support has apparently been present in that helper since 
2006 on every OS which supports the required lookup function.

What operating system (and version) are you using?


I have convert back shadow to /etc/passwd
With /usr/sbin/pwunconv

Thanks and regards
Hadi

-Original Message-
From: hadi

Some body help me with my setup please.


Im using squid-3.1.23 trying to configure username/password for
authentication with local user's (getpwname_auth). It popup for
authentication but when I supply username and password doesn't work.
Please help regard this matter.
May squid.conf

auth_param basic program /usr/local/squid/libexec/getpwname_auth
auth_param basic utf8 off
auth_param basic children 15 start=1 idle=1 auth_param basic realm Squid
proxy Server at proxy.bigmama.com auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off acl authenticated proxy_auth REQUIRED
http_access allow authenticated http_access deny all


NP: due to 'deny all' the remaining access controls are never used.



access.log
1362861900.377  1 192.168.0.1 TCP_DENIED/407 4175 GET
http://www.google.com/ - NONE/- text/html
1362861903.039  1 192.168.0.1 TCP_DENIED/407 4282 GET
http://www.google.com/ hadi NONE/- text/html
1362861905.676  1 192.168.0.1 TCP_DENIED/407 4297 GET
http://www.google.com/ hadi NONE/- text/html
1362861931.381  1 192.168.0.1 TCP_DENIED/407 4318 GET
http://www.google.com/ root NONE/- text/html More error logs from cache with
set to debug_options ALL,2 29
2013/03/16 01:41:02.758| ConnStateData::swanSong: FD 12
2013/03/16 01:41:22.128| The request CONNECT www.hotmail.com:443 is DENIED,
because it matched 'auth'


The request is being denied due to an ACL named auth. Which does not 
exist in your configuration file.


Are you sure you are running the Squid you think you are? there is no 
other older version installed somewhere in the background being run instead?



Amos

Re: [squid-users] Squid process crash every day, why?

2013-03-17 Thread Amos Jeffries 

On 16/03/2013 12:24 a.m., Feusi Remo (feus) wrote:

Hi, I am new to the mailing list and have the following issue:

Our squid crash every night between 01:00 and 02:00 CET.


What is Squid doing at those times?


Mar 15 01:50:33 srv-app-904 (squid-1): Bungled (null) line 8: icap_retry deny 
all
Mar 15 01:50:35 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 3592 
exited with status 1
Mar 15 01:50:38 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 4119 
started
Mar 15 01:51:32 srv-app-904 (squid-1): Bungled (null) line 8: icap_retry deny 
all
Mar 15 01:51:32 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 4119 
exited with status 1
Mar 15 01:51:35 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 4141 
started
Mar 15 02:13:43 srv-app-904 (squid-1): Bungled (null) line 8: icap_retry deny 
all
Mar 15 02:13:43 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 4141 
exited with status 1
Mar 15 02:13:46 srv-app-904 squid[3589]: Squid Parent: (squid-1) process 4193 
started


This usually shows up due to a problem in the auto-generated parser.
It can usually be resolved by rebuilding Squid in a new build directory.
if your RPM package was a binary one please contact the package provider 
about this.


NP: I also suggest you upgrade to 3.2.9 or 3.3.3 ASAP.


And here the interesting part from cache.log (with minus in the memory 
usage):


Nothing to worry about. It is a well-known 32-bit wrap problem with 
mallinfo() on 64-bit systems. Squid will operate just fine apart from 
the memory reporting details being incorrect like this.



2013/03/15 01:50:33 kid1| Closing HTTP port 160.85.104.14:8080
2013/03/15 01:50:33 kid1| storeDirWriteCleanLogs: Starting...
2013/03/15 01:50:33 kid1| 65536 entries written so far.
2013/03/15 01:50:33 kid1|131072 entries written so far.
2013/03/15 01:50:33 kid1|196608 entries written so far.
2013/03/15 01:50:33 kid1|262144 entries written so far.
2013/03/15 01:50:33 kid1|327680 entries written so far.
2013/03/15 01:50:33 kid1|393216 entries written so far.
2013/03/15 01:50:33 kid1|458752 entries written so far.
2013/03/15 01:50:33 kid1|524288 entries written so far.
2013/03/15 01:50:33 kid1|589824 entries written so far.
2013/03/15 01:50:33 kid1|655360 entries written so far.
2013/03/15 01:50:33 kid1|720896 entries written so far.
2013/03/15 01:50:33 kid1|786432 entries written so far.
2013/03/15 01:50:33 kid1|   Finished.  Wrote 799896 entries.
2013/03/15 01:50:33 kid1|   Took 0.16 seconds (5155895.89 entries/sec).
FATAL: Bungled (null) line 8: icap_retry deny all
Squid Cache (Version 3.2.8): Terminated abnormally.
CPU Usage: 1200.378 seconds = 742.532 user + 457.845 sys
Maximum Resident Size: 10759744 KB
Page faults with physical i/o: 12
Memory usage for squid via mallinfo():
 total space in arena:  -1523816 KB
 Ordinary blocks:   -1587068 KB  98685 blks
 Small blocks:   0 KB  1 blks
 Holding blocks: 40796 KB 10 blks
 Free Small blocks:  0 KB
 Free Ordinary blocks:   63251 KB
 Total in use:  -1546272 KB 101%
 Total free: 63251 KB -3%
2013/03/15 01:50:38 kid1| Starting Squid Cache version 3.2.8 for 
x86_64-unknown-linux-gnu...
2013/03/15 01:50:38 kid1| Process ID 4119
2013/03/15 01:50:38 kid1| Process Roles: worker
2013/03/15 01:50:38 kid1| With 65535 file descriptors available
2013/03/15 01:50:38 kid1| Initializing IP Cache...
2013/03/15 01:50:38 kid1| DNS Socket created at 0.0.0.0, FD 7
2013/03/15 01:50:38 kid1| Adding nameserver 160.85.192.100 from squid.conf
2013/03/15 01:50:38 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2013/03/15 01:50:38 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2013/03/15 01:50:38 kid1| Local cache digest enabled; rebuild/rewrite every 
3600/3600 sec
2013/03/15 01:50:38 kid1| Store logging disabled
2013/03/15 01:50:38 kid1| Swap maxSize 2560 + 2097152 KB, estimated 2130550 
objects
2013/03/15 01:50:38 kid1| Target number of buckets: 106527


The Cache settings are as followed:
cache_effective_user squid
cache_effective_group squid
cache_mem 2048 MB
cache_dir aufs /var/cache/squid 25000 64 256
maximum_object_size_in_memory 512 KB

System Settings:
- CentOS release 6.4 (Final)
- uname -a: Linux srv-app-904 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 
00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
- rpm package: squid-3.2.8-1.el6.x86_64
- MemTotal:8061980 kB

Thanks!

Remo


I suggest you upgrade to 3.2.9 or 3.3.3 ASAP, it could be a few things, 
including the 0-day which was published last week.


Amos