[squid-users] problems with ie 6 and proxy auth on squid
Hi all, I've got a small problem with IE 6 and proxy authentication to a squid 2.5 stable1 set of caches. I should say at this point that mozilla, netscape 6.2/7.0/7.0.1 and phoenix 0.5 all work correctly Descn:- I have 4 squid 2.5stable1 caches connected to a foundry serveriron load balancing box. All my clients are configured to pick up an auto proxy config file from a server on our campus which basically says "if the remote URL is on our net go direct otherwise go via my caches". Access to the caches is via a virtual IP address set up on the serveriron which then load balances requests over the real servers. Our outside world firewall is configured so that direct external access from client pcs is redirected to a local web page describing how to configure their browser to use our cache. Configuring IE 6 to use our squid caches works fine without any form of proxy authentication. When I configure them to use proxy auth I get the following problem. 1). configure IE to have a home page outside our class b net. 2). configure client to use proxy service ( either virtual ip on foundry kit or real web cache address:3128 doesn't matter which) 3). configure client to delete all temp cache files on exit just to view problem and then exit browser 4). fire up browser 5). fill in authentication dialog box that appears because we are connected to a cache 6). Web page appears saying ie is unable to connect to remote site "server or DNS failure" 7). click on refresh button - remote web page appears. The above had a home page on a remote site just to simplify things. If the home page is local and you then try and access a remote site the same thing happens. The thing is that some clients work fine and some don't ... and I can't see what the difference is!! has anyone seen any problems with IE authenticating to a squid cache before? any help appreciated Alex Sent using Mulberry 3.01a
[squid-users] Justification for authentication at the squid cache level
Hi all, I've been running a number of squid caches for a few years here and am now looking at enforcing authentication at the cache level. Needless to say I've got a lot of people now saying "why would you want to do that" " not another login prompt" etc. While I've got my own ideas as to why we should do this, I'd like some extra ammunition in the form of other (educational establishment) sites that went down this route and why. So I'm looking for a). reasons for implementing authentication at the cache level i.e. how you persuaded "upper management" that it was a good idea to implement this functionality b). response from user base - grumbles? complaints? c). How you minimised the "additional login to do" problem d). Implementation problems - any browser specific funnies that caused problems. As with most sites we've got every flavour of windows out there running god knows what sort of browser what did people do regarding supported browsers IE 6 only, Netscape, Mozilla, Phoenix, specifying "baseline" releases of specific browsers? Any help appreciated Alex Sent using Mulberry 3.01a
Re: [squid-users] Squid 2.5 stable 1 and basic auth/ldap
Quoting Henrik Nordstrom <[EMAIL PROTECTED]>: > Nobody has written one for the FAQ yet, but there is some documentation > in the documentation to each helper (authentication and/or group > helper). > > If you plan on using groups I strongly advise to look into the group > helper of 2.5.STABLE1-2003 snapshots, or 2.5.STABLE2 when released > (which is not far away now). > Hi, if you're running on linux why not just use pam authentication and set up a squid specific pam.d file that uses ldap that's what I'm running here and it was very easy to set up. didn;t have to modify any squid related files at all alex > Regards > Henrik > > > > ons 2003-02-12 klockan 16.12 skrev Tobias Hadem: > > Hello List, > > > > > > does anybody know a link to a good and detailed howto for squid 2.5 and > > ldap authentification? > > > > googling only resulted in some outdated (squid 2.4 with patch) howtos, > > nothing really new. > > > > or has anybody got any experiences with it, and could perhaps write a > > small mini-howto about it? > > > > thx in effort > -- > Henrik Nordstrom <[EMAIL PROTECTED]> > MARA Systems AB, Sweden > >
Re: [squid-users] Squid 2.5 stable 1 and basic auth/ldap
Quoting Henrik Nordstrom <[EMAIL PROTECTED]>: > Alex Sharaz wrote: > > > > Quoting Henrik Nordstrom <[EMAIL PROTECTED]>: > > > > > Nobody has written one for the FAQ yet, but there is some documentation > > > in the documentation to each helper (authentication and/or group > > > helper). > > > > > > If you plan on using groups I strongly advise to look into the group > > > helper of 2.5.STABLE1-2003 snapshots, or 2.5.STABLE2 when released > > > (which is not far away now). > > > if you're running on linux why not just use pam authentication and set up > a > > squid specific pam.d file that uses ldap that's what I'm running here and > it was > > very easy to set up. didn;t have to modify any squid related files at all > > > Using PAM is suitable if you want to have the proxy users fully > integrated as UNIX accounts on the proxy server. Most people running > proxy services and having external authentication databases such as NT > or LDAP do not actually want this, instead running the proxy as an > appliance where the accounts is only valid for the proxy service, not > the OS. > but you don't have to have proxy users integrated into the unix accounts. My squid caches are basically black boxes with 2 userids on it. My own and a colleague in the computer centre. The "squid" file in /etc/pam.d just says "authenticate to openldap" there is no reference to local user as found in /etc/passwd or nis or whatever else you would normaly use so if a user with a userid of FredBloggs tries to use the cache as long as his userid is in our ldap database it all works Would there be any performance hits using pam instead of a squid ldap module? I must admit that I've only got about 20 people authenticating to our caches and as there are 4 of them connected to a load balancing switch there's notmuch going on at the moment :-)) alex > But yes, if your OS is already set up to use the correct user accounts > database then PAM will do the job fine. > > Regards > Henrik >
[squid-users] What are these sites?
Hi all I've just brought on line webalizer based web page for our 4 squid caches and for the last 3 days the "top 30" urls section have been swamped with entries like http://207.46.110.X/gateway/gateway.dll and http://38.144.57.X/Update.htm and http://64.12.163.X/data I'd love to know what these URLs are. Could they be associated with a windows update attempt by a client going through a proxy? I can filter them out of the equation for webalizer pages if that's the case alex " Sent using Mulberry 3.01a
[squid-users] advice on squid configuration for specific application
hi all, Got a small problem here that i'm looking for advice on. Our university is to set up a "portal service" here and wants to have access to it frontended by our web caches, the main reason being that I've configured the caches to selectively require authentication based upon the source subnet so they wouldn't have to worry about authentication to their system using anything other than at the IP address level. The trouble is that I'm not sure if I can do it using a squid cache or not. Suppose the idea is outside world . accessing URL with portal.ac.uk . pointing to squid cache which access .> real server with different domain name of fred.hull.ac.uk don't think its possible but just in case it is TIA alex Sent using Mulberry 3.01a
[squid-users] radius authentication for squid
hi people, a couple of messages ago there was some talk about using radius authentication with squid If anyone has got some s/w, documentation etc I'd be obliged alex
[squid-users] couple of squid questions
hi all, couple of questions re squid config My squid hardware is based round systems with a 1.8Zenon cpu 4Gbytes of ram and 4 36Gbyte disks for cache storage running RH 8.0 with the 2.4.18-24smp version of the kernel. Each disk has 1 partition set up cachedir ufs <90% of disk space> 256 256 what sort of cache_mem setting should I be looking for in the above config. did have aufs set up for a while but seemed to have a number of error messages indicating that particular directories on a cache disk could not be found e.g. cache1/0a/ob ... didn;t seem to have made any difference but I would have excpected a squid -z to have created all the directoroes it required. Should I be aufs? and lastly given that the Zenon processors can support hyper-threading, is there any magical squid config settings that'll make use of this? Using 'top' it looks as if it isn't at the moment. TIA alex
[squid-users] Calculating cache_dir L1 parameter
hi all, A while back I sent out a message regarding some config issues for my squid caches one of which related to the cache_dir config file parameter. someone kindly sent me back an equation to be used in calculating the L1 parameter for a given size of cache disk. Unfortunately guess who has misplaced the message and can I find it on the FAQ page at www.squid-cache.org? nope of course not. So if someone could please send me the info again I'd be obliged Alex Sent using Mulberry 3.01a
[squid-users] multiple squid cache configurations
Hi, At the moment I have 4 squid caches connected to a single Foundry Networks ServerironXL via 100Mbit full duplex links. The ServerIron is connected into our backbone network via Gigabit link. Each of the squid caches has 2 100Mbit ethernet ports on the motherboard As the above confgig has a single point of failure (the ServerIron) what I'd like to do is implement a dual homed setup using two ServerIrons and have each cache connected to each ServerIron. This, according to the Foundry docn, will allow me to create an active-active setup where traffic from our net will be able to access all our squid caches via either ServerIron. All the caches and ServerIrons will be on the same class C subnet. The problem I've got is that while inbound traffic will be load balanced over the 8 fast ethernet ports on the cache boxes, I don't know how to persuade squid to load balance outgoing traffic over the two interfaces on the server. Normally I'd just have a default gateway setup on each cache but that's not going to work in this case as I'm trying to use two interfaces. So ... if i've got 2 interfaces on a squid cache on the same net, how do I persuade squid to load balance outgoing traffic over both interfaces. TIA Alex
[squid-users] Queue congestion
I'm seeing a few error messages in my squid 2.5.s20030.. caches saying WARNING squidaio_queue congestion Anything I can do about it? alex Sent using Mulberry 3.01a
Re: [squid-users] Queue congestion
o.k just see them occasionally, I've got 4 36Gbyte 15Krpm Ultra 160 disks in the server --On 06 March 2003 17:38 +0100 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: This can be ignored if you are only seeing a few of them.. If you are seeing it constantly then your drives is probably overloaded and you need one or two more drives.. Regards Henrik tor 2003-03-06 klockan 16.51 skrev Alex Sharaz: I'm seeing a few error messages in my squid 2.5.s20030.. caches saying WARNING squidaio_queue congestion Anything I can do about it? alex Sent using Mulberry 3.01a -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden Sent using Mulberry 3.01a
[squid-users] squid compile options
A long long time ago I built up a small script that ran configure with all the squid options i wanted to use In this script I also had a CFLAGS statement specifying NUMTHREADS=30 I can't for the like of me remember what I put it in for. :-((( I'm running aufs on my squid boxes alex Sent using Mulberry 3.01a
[squid-users] using pam_radius module with squid
Hi all, I've been running squid configured to use pam_auth for a while now in conjunction with an ldap authentication (pam) module which works fine. For local reasons I'd like the pam auth procedure to also authenticate against a radius server I've got. So I downloaded and compiled a pam_radius_auth module version 1.3.15 from ftp.freeradius.org and replaced my /etc/pam.d/squid file with one containing auth sufficient /lib/security/pam_radius_auth.so debug Connecting to my squid server from a browser gives me a login dialog box. I type in a test userid and pasword and I can see the radius server saying they are valid - but the cache keeps passing me back a prompt to enter my uid and password Is anyone else running a pam based radius authentication module against squid? alex
[squid-users] using 2 sets of basic authentication in squid
Hi all, quick question I'm testing out squid authentication on a number of class c subnets here with specific ACL statements that indicate authentication is required on a given subnet. At the moment i'm using pam/ldap to implement the authentication and everything seems to work fine. For various reasons, I might need to have some subnets that authenticate to a radius server instead of to an ldap one. I've downloaded the squid_radius_auth code and am running it on a development server adn that seems to work fine the question is :- can you define/run two "basic" authentication schemes on one squid box TIA Alex Sent using Mulberry 3.01a
Re: [squid-users] using 2 sets of basic authentication in squid
unfortunately the userid would be the same. The only unique parameter would be the callers ip subnet --On 27 March 2003 12:02 +0100 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: tor 2003-03-27 klockan 11.43 skrev Alex Sharaz: can you define/run two "basic" authentication schemes on one squid box Not unless you from the username can determine which backend password database to use. If you can identify from the username which backend password database to use then it is possible to write a little glue script which sits inbetween Squid and the basic auth helpers, selecting which helper to use based on the user. -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden Sent using Mulberry 3.01a
Re: [squid-users] using 2 sets of basic authentication in squid
Was starting to think that or have a different cache altogether for the remote access stuff ... or possibly use ntlm auth for one set and basic for the other. alex --On 27 March 2003 12:56 +0100 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: Then you will need to run two Squid instances. Regards Henrik tor 2003-03-27 klockan 12.12 skrev Alex Sharaz: unfortunately the userid would be the same. The only unique parameter would be the callers ip subnet --On 27 March 2003 12:02 +0100 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > tor 2003-03-27 klockan 11.43 skrev Alex Sharaz: > >> can you define/run two "basic" authentication schemes on one squid box > > Not unless you from the username can determine which backend password > database to use. > > If you can identify from the username which backend password database > to use then it is possible to write a little glue script which sits > inbetween Squid and the basic auth helpers, selecting which helper to > use based on the user. > > -- > Henrik Nordstrom <[EMAIL PROTECTED]> > MARA Systems AB, Sweden > Sent using Mulberry 3.01a -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden Sent using Mulberry 3.01a
Re: [squid-users] IE doesn't resolve for the first time
The fix is now included in the latest fixpack for IE6 so you shouldn;t have to wait for a special one alex --On 31 March 2003 02:51 -0800 Fredi <[EMAIL PROTECTED]> wrote: Hello, Thx for the tip. I called MS Support and I'm still waiting for that "hotfix" (they said it can take one day to send it by mail). Meanwhile I've upgraded to squid-2.5.STABLE1 and it works great (I had to update my conf file) Thank you. --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: Squid FAQ 5.12: IE 6.0 SP1 fails when using basic authentication http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.12> Regards Henrik Fredi wrote: > > Hello, > > I'm using squid-2.4 with PAM auth for my network. > Authorization works fine with IE and Netscape but > after authorization in IE I get "The page cannot be > desplayed" > and "TCP_DENIED/407" in my access log. If I reload or > visit other pages work well. > PS: With Netscape works well, I don't have that > problem. > > I tried adding and removing resolv.conf form my conf > file, I've changed the DNS servers on my pc. > > Any ideeas? > > Squid log: > > 1049037536.420 4 192.168.0.22 TCP_DENIED/407 1342 > GET http://www.directnet.ro/ - NONE/- - > 1049037552.268 1 192.168.0.22 TCP_IMS_HIT/304 211 > GET http://www.directnet.ro/ fredi NONE/- text/html > > Squid.conf with pam_auth: > > acl all src 0.0.0.0/0.0.0.0 > acl password proxy_auth REQUIRED > acl HQLAN src 192.168.0.0/255.255.255.0 > http_access deny !HQLAN > http_access allow password > http_access deny all > > __ > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! > http://platinum.yahoo.com __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com Sent using Mulberry 3.01a
[squid-users] trimming contents of access.log
hi all, quick question, I'm running a number of web caches connected to a foundry ServerIronxL server load balancing device. The ServerIron performs L7 health checks every 30 seconds ( which I'm planning to reduce to about 109 secs) The only problem is that of course the access logs has got entries for "HEAD" commands coming from the ServerIron. Is it possible to filter out either types of command or connection info from particular IP addresses ? TIA Alex Sent using Mulberry 3.01a
Re: [squid-users] trimming contents of access.log
--On 05 June 2003 16:21 +0500 Ahmad Masood Shah <[EMAIL PROTECTED]> wrote: I'm not able to understat what information you want to fetch from your logss. If you want to fetch IP basis information from access log etcc then simple is that less access.log | grep youriphere no i want to configure squid not to put entries in the access.log for HEAD commands coming from the IP address associated with my server load balancing box. Each cache generates a nightly access.log file that is about 20Mytes and anything I can do to trim some of the triivia out of it would help Alex -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message ----- From: "Alex Sharaz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 05, 2003 4:12 PM Subject: [squid-users] trimming contents of access.log hi all, quick question, I'm running a number of web caches connected to a foundry ServerIronxL server load balancing device. The ServerIron performs L7 health checks every 30 seconds ( which I'm planning to reduce to about 109 secs) The only problem is that of course the access logs has got entries for "HEAD" commands coming from the ServerIron. Is it possible to filter out either types of command or connection info from particular IP addresses ? TIA Alex Sent using Mulberry 3.01a Sent using Mulberry 3.01a
Re: [squid-users] temporarily disabling (forbidden) digest from .....
many thanks for your help You were correct in saying it was an http_access thing. I'd cunningly managed to put a "deny all" statement blocking all access to local servers before the statement that allowed access to the digests All working now ;-)) Alex --On 26 May 2003 11:36 +0200 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: men 2003-05-26 klockan 10.24 skrev Alex Sharaz: Hi all, The above message is staring to bother me a bit. i've got 3 web caches behind a foundry server load balancing box and although I've switched on digests, each cache comes up with "temporarily disabling (forbidden) digest from What do you get in access.log on the other cache when this is reported? Anything in cache.log? -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED] Sent using Mulberry 3.01a
Re: [squid-users] temporarily disabling (forbidden) digest from .....
well I'm now seeing a lot of CD_.. HIT entries in my access.log file which weren't there before --On 27 May 2003 18:31 +0200 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: tis 2003-05-27 klockan 17.59 skrev Alex Sharaz: many thanks for your help You were correct in saying it was an http_access thing. I'd cunningly managed to put a "deny all" statement blocking all access to local servers before the statement that allowed access to the digests Note that you also nee to allow the peers to access the cached objects, or else they will not have any use of the digest they have fetched.. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED] Sent using Mulberry 3.01a
[squid-users] X-Originate-IP still not working in 2.5.STABLE3
Hi, A while back I reported that even though I'd configured squid to pass the clients IP address through the cache via the X-Originate-IP header variable squid was always inserting its own address in the field. I've just tried sending myself a mail message via hotmail via a 2.5.STABLE3 box and it still seems to do the same thing. Anyone else seen this? Alex Sent using Mulberry 3.01a
[squid-users] problems with www.channel4.com site
hi all, Got a really strange one here. Since last Friday we've been experiencing a problem with www.channel4.com ( ip address 212.62.19.212) which is causing extreme heartach for our nokia checkpoint 1 firewall. I've got 3 web caches connected to a foundry systems serveriron ( server load balancing box) Whenever anyone connects to something on the www.channel4.com web site, the squid process servicing the request seems to go int oa loop. Looking at our outside world link, the cache in question at our end and the www.channel4.com site are both sending what appear to be the *same* ack packet ( that's not the same packet both ways, that's each end repeatedly sending the same packet) Everything else is working fine. If I set up some acls to block access to domain channel4.com and the aforementioned ip address then everything works fine I'm running squid-2.5.STABLE3 on a RH 9.0 platform with kernel 2.4.20-13.9-smp kernel anyone else seen this sort of thing? it could be related to the kerenel I'm using as that's just been shipped out from RH but I'm at a loss as to why its only the channel 4 site that is causing a problem Alex Sent using Mulberry 3.01a
[squid-users] max request header size
hi all, i was browsing through one of my cache.log files and noticed a message saying that "the request header size" had been exceeded. Given that it was set to the default of 10K and the conf file says that its usually 512 bytes ish I wondered 1). Anyone else seeing these messages 2). Having just reduced the max size to 3K, there seems to be a lot of entries in cache.log about request header sizes over 3k and 10 K. Is there anyway to match the error message up with a particular request in the access.log file. 3). What *is* a reasonable setting for request_header_max_size ? here it appears that even 10 is occasionally too small. TIA Alex
[squid-users] probably a simple question
Hi all, got what is probably a simple question:- 99% of the time I use an auto proxy config script to select whether to go direct to a site or via my caches The othe 1% of the time I configure an explicit web cache ( for testing purposes) in IE6 and then specify an exclusion list for *.hull.ac.uk i.e. go to the cache for any urls that aren't in our local domain. the above is all very well, but i also want to access some of our network boxes using their ip address. Can you tell ie to go direct to an ip address? I've tried adding ;150.237 to the exclude list and that doesn't work Does anyone know if is possible to tell ie to go direct to ip addresses? TIA Alex Sent using Mulberry 3.01a
[squid-users] anyone using pam_radius to implement basic authentication
hi all I am currently using a squid radius authentication module with my caches and am considering moving to a pam_radius setup. Has anyone used pam_radius with a squid cache? alex Sent using Mulberry 3.01a
RE: [squid-users] probably a simple question
Yup I do that as well, but if i'm testing a new web cache out I don;t want to have to keep changing my auto-proxy config file that is load balanced over 2 machines and services the whole university every time I want to access a different cache. Anyway the way to do it in ie6 is to add a wildcarded ip address in the exceptions section of your proxy definitions. The "bypass proxy server for local connections only works for named hosts and not ip addresses. My exceptions entry has 150.237.*.*;*.hull.ac.uk which covers everything alex --On 22 October 2003 08:43 -0400 Adam Aube <[EMAIL PROTECTED]> wrote: 99% of the time I use an auto proxy config script to select whether to go direct to a site or via my caches The othe 1% of the time I configure an explicit web cache (for testing purposes) in IE6 and then specify an exclusion list the above is all very well, but i also want to access some of our network boxes using their ip address. Can you tell ie to go direct to an ip address? No, but you can use your proxy auto-config script; just return DIRECT for a given IP address. Adam Sent using Mulberry 3.01a
[squid-users] reiserfs or ext3 ?
Hi all, quick question, I'm running my 3 caches using ext3 file systems. I've noticed a number of people recommending ReiserFS. Should I consider moving to ReiserFS? What advantages would it give me over ext3? TIA Alex Sent using Mulberry 3.01a
[squid-users] multiple access.log files
hi all, I'm in the process of evaluating squid2mysql on one of my test servers. Unfortunately the php prog that actually writes the info into the mysql database occasionally crashes. As the "log file" squid uses is actually a fifo I don't have a copy of the access.log message that caused the problem. In addition to this I'd probably like to run both the database logging and the normal text logging in parallel for a while, so is there any way of telling squid to write info into 2 access logs alex Sent using Mulberry 3.01a
Re: [squid-users] squid radius auth
I use Steel Belted Radius by a company called Funk software AFAIK this server is almost the defacto standard radius server these days did have to do some "tweaking" of the phantom record settings to cope with multiple squid caches but other than that it just works Alex --On 08 December 2003 12:25 +0100 Esteban <[EMAIL PROTECTED]> wrote: Hello, I am trying to make squid radius auth with the perl script auth.pl by Edmar Lourenco Borges. My configuration is as follow: I have a LAN, and a squid http proxy on my linux firewall. I would like the LAN users to enter a password before to access the web throught my squid proxy. I told squid to run auth.pl which radius server should I use for auth.pl to ask authentication ? can I use the MS IAS service to do this ? Thank you very much for any answer. Regards, Stephane DESMET Responsible produits de sicuriti All Computing SAS 17, rue du Colisie - 75008 Paris France (+33)1 49 53 90 36 (+33)6 88 82 55 87 internet: www.allcomputing.fr Sent using Mulberry 3.01a
[squid-users] using squid2mysql
hi all, o.k. i've replaced my squid_rad_auth authentication program on one of my test caches with the squid2mysql authenticator ( having changed sqauth as the database is on another machine) and added a dummy user into the mysql db "auth" table I can now authenticate to the cache using the sqauth program and browse the web. I've put all the management php scripts into a directory on my web server ( which isn't apache - it;s a java servlet engine based server called resin. ) When i call any of the php pages associated with squid2mysql al I get is "Incorrect login" how am I supposed to log in to access the pages if there isn't a login page? alex Sent using Mulberry 3.01a
[squid-users] problem with squid and squid2mysql
hi all, Got a small problem here with squid running in conjunction with squid2mysql on a linux box. Config is RH 9 system running as squid cache with a back end mysql database runnning on another machine. Perl 5.08 installed with dbi module, mysql drivers and perl::ldap Created a special file on the webcache called /logs/mysqlacess.log and have started "cat /logs/mysqlaccess.log|tee -a /logs/access.log|/usr/local/bin/squid2mysql 2>/logs/squid2mysql.err" The above means I can still have the standard "access.log" file and dump log entries into a back end database. A back end RADIUS authentication database is also present to authenticate various classes of users. For various reasons i can't set up our dial in service to authenticate to our web caches, so i've added some code to the squid2mysql perl prog that performs an ldap query of our RADIUS server whenever a log file entry appears with a client ip address that comes from our dialin service. Basically it asks the radius server for the userid currently logged onto the ip address obtained from the access log entry. When i go through a web cache configured as described, everything works. When i try routing all of our dial in service calls through it the squid process crashes. I *think* its to do with the ldap lookups performed for every log record associated with our dial in service - all i see in the logs is "FATAL: Received Segment Violation...dying." Just before I crank up the logging to see whats happening, anyone out there using squid2mysql on a linux platform? - just to double check that it does work in a production environment alex Sent using Mulberry 3.01a
Re: [squid-users] problem with squid and squid2mysql - update
Increasing the logging I can now see 2003/12/18 17:29:21| The request CONNECT loginnet.passport.com:443 i ecause it matched 'from_hullnet' FATAL: Received Segment Violation...dying. 2003/12/18 17:29:21| Not currently OK to rewrite swap log. 2003/12/18 17:29:21| storeDirWriteCleanLogs: Operation aborted. CPU Usage: 1.060 seconds = 0.540 user + 0.520 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 438 Memory usage for squid via mallinfo(): = so what's the next step? any suggestions appreciated alex --On 18 December 2003 16:28 +0000 Alex Sharaz <[EMAIL PROTECTED]> wrote: hi all, Got a small problem here with squid running in conjunction with squid2mysql on a linux box. Config is RH 9 system running as squid cache with a back end mysql database runnning on another machine. Perl 5.08 installed with dbi module, mysql drivers and perl::ldap Created a special file on the webcache called /logs/mysqlacess.log and have started "cat /logs/mysqlaccess.log|tee -a /logs/access.log|/usr/local/bin/squid2mysql 2>/logs/squid2mysql.err" The above means I can still have the standard "access.log" file and dump log entries into a back end database. A back end RADIUS authentication database is also present to authenticate various classes of users. For various reasons i can't set up our dial in service to authenticate to our web caches, so i've added some code to the squid2mysql perl prog that performs an ldap query of our RADIUS server whenever a log file entry appears with a client ip address that comes from our dialin service. Basically it asks the radius server for the userid currently logged onto the ip address obtained from the access log entry. When i go through a web cache configured as described, everything works. When i try routing all of our dial in service calls through it the squid process crashes. I *think* its to do with the ldap lookups performed for every log record associated with our dial in service - all i see in the logs is "FATAL: Received Segment Violation...dying." Just before I crank up the logging to see whats happening, anyone out there using squid2mysql on a linux platform? - just to double check that it does work in a production environment alex Sent using Mulberry 3.01a
[squid-users] Anyone know if the buffered_logs config command also applies to acces.log?
or just the cache.log TIA Alex
Re: [squid-users] "Impossible keep-alive header"
Yup just downloaded the latest 2.5S4 snapshot and installed it on one of my caches and they started. All the other caches are o.k. alex --On 14 January 2004 10:37 -0500 Steve Snyder <[EMAIL PROTECTED]> wrote: I'm suddenly getting a lot of these errors. Here's an example: 2004/01/14 10:29:35| ctx: exit level 0 2004/01/14 10:29:35| ctx: enter level 0: 'http://www.squid-cache.org/Versions/v2/2.5/bugs/' 2004/01/14 10:29:35| httpProcessReplyHeader: Impossible keep-alive header from 'http://www.squid-cache.org/Versions/v2/2.5/bugs/' This is on a Red Hat v9 system, running Squid 2.5S4 and all patches applied. I think that these many entries in cache.log are the result of applying the recent squid-2.5.STABLE4-http_workarounds.patch patch. Anyone else seeing this behavior? Thanks. Sent using Mulberry 3.01a
Re: [squid-users] MySql Authorization
Yup there is a squid2mysql package which although primarily for getting access log entries into a database also has a mysql authentication module you can use Alex --On 22 January 2004 10:28 +0100 Riccardo Fontana <[EMAIL PROTECTED]> wrote: Hi, I would like to know if exist some kind of external helper to authorize users authenticated with another method. I'm already using Netbios authentication but instead of the group helper i would prefer to create an ACL based on a mysql table. Sent using Mulberry 3.01a
[squid-users] problems writing squid logs into a database
Hi all, i've been working on a perl script to write the contents of access.log into a DB2 database. The script was originally one by Eugene Chernyshev [ This is a part of Squid2MySQL accounting system. CopyRight 2001 by Eugene V. Chernyshev mailto:[EMAIL PROTECTED] ] but modified a bit. The problem I've got is that I'm trying to do this in real time, and while the script certainly works, it doesn't seem to have as many input lines as I'd expect. I.e. the access log is filing up faster than the database is. It looks as if the perl script isn't getting as many lines fed to it as the access.log file. I'm using the tail command to take access.log output and pipe it into my prog. The additional options let it track access log file rotation (which happens every day at midnight) If anyone has an idea why the perl script isn't processing the tail command is #!/bin/sh # # $Id: RunCache.in,v 1.9.8.1 2003/01/06 20:52:55 wessels Exp $ . /home/db2inst3/sqllib/db2profile echo "Running rtsquid2db2 daemon">>/logs/squid.out 2>&1 tail --retry --lines=1 --follow=name --max-unchanged-stats=2 /logs/access.log 2>>/logs/squid2db2.log|/usr/local/squid/bin/rtsquid2db2 150.237.47.4 >>/logs/squid2db2.log 2>>/logs/squid2db2.err & and the appropriate part of the perl program is:- #!/usr/bin/perl # Squid2Db2 # # Version: 0.6 # #[ Taken from # This is a part of Squid2MySQL accounting system. # CopyRight 2001 by Eugene V. Chernyshev mailto:[EMAIL PROTECTED] #] # Changes # 10/12/03 - add database field for the IP address of the system # - don't save head queries either # # 12/12/03 - We want to save everything in the database and not just the #userid authenticated stuff, If weneed to filter out info #we can do it later on. Removed the chreck to see if the username #is "-" # 15/12/03 - Date is out by 7 hours - the calculations after gmtime affs 7 hours #onto the time - removed the adjustment #Added time in milliseconds field to database # 18/12/03 - open ;ldap conection to radius server at start of prog and not #in function routine # # 19/01/04 - dont update the rdn table if the userid is "-" #disable the ldap lookup for now #remove the date and time entries as we have the time in msec # 26/01/04 - Added finish statement to close down the prepare statement # 26/01/04 - Added finish statement to close down the prepare statement # 27/01/04 - Real time version of squid2db2 # setup # 28/01/04 - Test for null URL string. If present fill with a dummy one and #output input string components. # 30/01/04 - Check for null username returned from the radius server # # 05/03/04 - Added more comprehensive tests to check for null parameters #being passed over to the prepared statement. #remove the billing calculation - set to 0 # #Remove the die statement after the execute. We want to keep going #and output the error. # Generated a subroutine for the output # 11/03/04 - Ldap lookup from radius server always assumes that the server is up #and only talks to one server. Try and get it to try multiple #servers before it dies and move the connection to the lookup phase # 19/03/04 - really need to close the function as well - in the right place. #Added input parameter for ip address to use as own. #tidied up logging and removed old commented code # 18/06/04 - Changed some of the database names # 21/06/04 - Added username to logging function #Use local time instead of gmtime to get date right #added msec parameter to db2 timestamp #don't need the billing function # $db2user="Y"; # user name $db2pass="XX"; # user password $db2serv="XX.YY.XX.BB"; # server $db2port=""; # server port $db2dbas="sqstats"; # database name $db2tabl="squid.logger"; # database table $backuplog="/logs/backup.log"; # Backup log if couldn't connect to # billing setup $valuepermeg=4;# four roubles per meg $valueperhour=0; # none per hour, leased line +2880p # billing method # 0 for user accounting, 1 for hosts accounting $usehosts=1; use DBI; use DBD::DB2::Constants; use DBD::DB2; use Net::LDAP; $dbh=DBI->connect("DBI:DB2:sqstats",$db2user,$db2pass)||&errorconn; $sth=$dbh->prepare("INSERT INTO squid.logger(cacheip,tstamp,elapsed,code,\ status,bytes,url,userident,clientip)\ VALUES(?,?,?,?,?,?,?,?,?)"); open(FBLOGRET,$backuplog); close(FBLOGRET); # # Get the IP address # $ourip=$ARGV[0]; print STDERR "our ip address is $ourip\n"; while($inputLine = ) { # # 0 timestamp.millisec # 1 duration # 2 remotehost # 3 code/status # 4 bytes # 5 method # 6 URL # 7 username # 8 peerstatus/peerhost # 9 type # # #chop; # here we now get a string! # splitting string onto subdata @lines=split(' ',$input
[squid-users] caching windows updates
Chaps, A while back I thought I saw some e-mails discussing the possibility of caching windows updates files on squid servers and there was mention of some code/scripts to do this. Needless to say I've lost that particular messaage. Can someone point me in the right direction please TIA Alex Sent using Mulberry 3.1.2
[squid-users] providing a secure basic authentication
Chaps, I'm currently using a basic auth scheme on our squid caches that uses a radius authentication module From the squid FAQ "NOTE: The name and password are encoded using ``base64'' (See section 11.1 of RFC 2616). However, base64 is a binary-to-text encoding only, it does NOT encrypt the information it encodes. This means that the username and password are essentially ``cleartext'' between the browser and the proxy. Therefore, you probably should not use the same username and password that you would use for your account login." Is there any way I can perform the authentication scheme over a secure connection TIA Alex Sent using Mulberry 3.1.2
Re: [squid-users] providing a secure basic authentication
--On 22 September 2004 19:42 +0200 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: On Wed, 22 Sep 2004, Alex Sharaz wrote: Is there any way I can perform the authentication scheme over a secure connection Pick one (or two): * Use of Digest authentication. * Use of NTLM authentication. hmmm got to stay with authenticating to our radius servers really so I guess that excludes the two above. * SSL encryption of the client<->proxy traffic. Requires a client wich supports SSL encryption of proxy connections or the use of a SSL tunnel on the client (browser -> SSL tunnel on localhost -> proxy). o.k. This sounds interesting, given that almost every man and his dog is using IE or mozilla/firefox anyone know if they suport proxy connections over ssl? alex Regards Henrik Sent using Mulberry 3.1.2
Re: [squid-users] providing a secure basic authentication
--On 23 September 2004 12:49 +0200 Henrik Nordstrom <[EMAIL PROTECTED]> wrote: On Thu, 23 Sep 2004, Alex Sharaz wrote: This sounds interesting, given that almost every man and his dog is using IE or mozilla/firefox anyone know if they suport proxy connections over ssl? Not last time I looked, but there is a rumor that recent versions of mozilla/firefox may. Have not found it in the versions of Mozilla I have access to however. o.k. i'm running the pre release version of firefox. I'll have a look. What works for all browsers is to use a ssl tunnel client. stunnel is a reasonable and free one. Already using stunnel for email access through our firewall works great. The principle when using an ssl tunnel is that you run a small SSL proxy gateway/tunnel on the client configured to connect to the proxy https_port, the client browser is then configured to use the local port of the SSL proxy. Browser -> (localhost) stunnel -> (SSL) Proxy https_port stunnel then wraps all requests send by the browser into an encrypted SSL tunnel and sends them to the proxy. If you have central administration of your Windows boxes it should not be too hard to push out the stunnel client and new proxy configuration to the clients. The problem is that we don't. We are taking about personal pcs in the Student Halls of Residence. I don't impose proxy authentication on all of our users, just our students and wireless lan users. Still, I'll have a play and see what we can do. It would be better if there was some way of not having to install something on the client. Many thanks alex Regards Henrik Sent using Mulberry 3.1.2
[squid-users] automatic windows updates
Chaps, For a long time now I've blocked direct http/s access to the Internet from out site and forced everyone to go via our web caches. This has been working just fine until recently when automatic updates stated failing. Basically, you can check to see if there are any updates and what they are , but when it comes to actually performing the download of the updates, the client seems to want access to the update site directly. We * think* its something to do with the version of auto update that's running (v5?) has anyone else seen this happening? Alex Sent using Mulberry 3.1.2
[squid-users] squid2.5.stable8 cache.log messages
Chaps, I've just upgraded to squid.2.5.STABLE8 and my cache.log file has loads of these messages Should I be bothered? What can I do to stop them from happening? TIA Alex 2005/02/15 11:47:20| httpReadReply: Excess data from "GET http://www.luvexchange .com/luvexchange/getthin.cfm" 2005/02/15 11:47:25| httpReadReply: Excess data from "GET http://ad.doubleclick. net/686500/8220-0-728x90_blue_da.swf?clickTag=http://ad.doubleclick.net/click%3B h=v3|3220|3|0|%2a|d%3B9688959%3B3-0%3B0%3B9717545%3B3454-728|90%3B6184511|620240 7|1%3B%3B%7Esscs%3D%3fhttp%3A%2F%2Fwww.888.com/?l=35%26SR=671757" 2005/02/15 11:47:39| httpReadReply: Excess data from "GET http://hb.lycos.com/he ader?Z=435956&VID=12701&LHM=0&LHIV=1&LHS=1&LHIV=1&REF=&SCRNSZ=1024x768&BRSRSZ=10 04x589&TIME=Tue%20Feb%2015%2011%3A47%3A31%20UTC%202005" Sent using Mulberry 3.1.2
[squid-users] Issues with rsyslog and squid 3.1.16
Hi, I've just move my squid 3.1.16 web caches over to using rsyslog ( Ubuntu 10.4 LTS OS) to move log files over to a centralised syslog server for storage in a mysql database. Most of the time it works just fine. Unfortunately I do seem to be seeing some blocking occurring where a cache isn't accepting new inbound client connections. I've got 6 webcaches configured in 2 clusters of 3. When a problem occurs, I can see about 50 - 100 concurrent connections on caches with the problem, and 10 - 12K connections on the remaining normaly operating ones. A restart of the rsyslog daemon on a problematic cache cures the problem for a while, but it can come back. From my squid.conf file logformat hsyslog %tg,%ts.%tu,%>a,%la,150.237.199.249,%ul,%rm,HTTP/%rv, %>Hs,% # TAG: access_log # These files log client request activities. Has a line every HTTP or # ICP request. The format is: # access_log [ [acl acl ...]] # access_log none [acl acl ...]] # # Will log to the specified file using the specified format (which # must be defined in a logformat directive) those entries which match # ALL the acl's specified (which must be defined in acl clauses). # If no acl is specified, all requests will be logged to this file. # # To disable logging of a request use the filepath "none", in which case # a logformat name should not be specified. # # To log the request via syslog specify a filepath of "syslog": # # access_log syslog[:facility.priority] [format [acl1 [acl2 ]]] # where facility could be any of: # authpriv, daemon, local0 .. local7 or user. # # And priority could be any of: # err, warning, notice, info, debug. #access_log /logs/access.log hcommon access_log syslog:local0.info hsyslog and from the rsyslog.d directory $WorkDirectory /logs/rsyslog # where to place spool files $ActionQueueFileName fwdRule1 # unique name prefix for spool files $ActionQueueMaxDiskSpace 5g # space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1# infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional *.* @@150.237.85.216:514 Squid build with #!/bin/bash ulimit -SHn 49152 ./configure --enable-snmp --enable-basic-auth-helpers="PAM" -- enable-cachemgr-hostname=wwwcache2-west.hull.ac.uk --enable-htcp -- enable-cache-digests --enable-async-io --prefix=/usr/local/squid -- with-pthreads --enable-removal-policies --enable-ssl -with-openssl=/ usr/local/ssl --disable-linux-netfilter -with-large-files --with- maxfd=49152 --with-dl --enable-icmp --enable-poll --disable-ident- lookups --enable-truncate --disable-delay-pools --disable-ipv6 -- disable-loadable-modules root@wwwcache2-west:/usr/local/src/squid-3.1.16# Anything I can change in the build to stop this blocking from happennig? Rgds Alex == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] Problem with latest squid 3.2 snapshot
Hi, I've just downloaded and built a copy of Squid Cache version 3.2.0.13-2022-r11422 for x86_64-unknown-linux- gnu... and built it on a brand new fully patched version of Ubuntu 10.4 LTS with IPv6 disabled ( don't use it here yet) through /etc/default/grub. A netstat -a shows that nothing is listening on an IPv6 port. Squid built using #!/bin/bash ulimit -SHn 49152 CFLAGS="-m64" ./configure --enable-snmp --enable-basic-auth- helpers="PAM" --enable-cachemgr-hostname=wwwcache2-east.hull.ac.uk -- enable-htcp --enable-cache-digests --enable-async-io --prefix=/usr/ local/squid --with-pthreads --enable-removal-policies --enable-ssl -- disable-linux-netfilter -with-large-files --with-maxfd=49152 --with-dl --enable-icmp --enable-poll --disable-ident-lookups --enable-truncate --disable-delay-pools --disable-ipv6 --disable-loadable-modules I've created a config file to use the SMP specifying a weight of 8 with nop mapping of processes to CPU cores. If I try firing up /usr/local/squid/sbin/squid I get . 2011/11/24 15:41:42 kid9| assertion failed: mem.cc:205: "MemPools[type]" at which point squid restarts 2011/11/24 15:41:45 kid9| Starting Squid Cache version 3.2.0.13-2022-r11422 for x86_64-unknown-linux-gnu... 2011/11/24 15:41:45 kid9| Process ID 1306 2011/11/24 15:41:45 kid9| Process Roles: coordinator 2011/11/24 15:41:45 kid9| With 49152 file descriptors available 2011/11/24 15:41:45 kid9| Initializing IP Cache... 2011/11/24 15:41:45 kid9| DNS Socket created at 0.0.0.0, FD 7 2011/11/24 15:41:45 kid9| Adding nameserver 150.237.84.21 from squid.conf 2011/11/24 15:41:45 kid9| Adding nameserver 150.237.198.2 from squid.conf 2011/11/24 15:41:45 kid9| helperOpenServers: Starting 0/60 'rewrite_youtube.pl' processes 2011/11/24 15:41:45 kid9| helperOpenServers: No 'rewrite_youtube.pl' processes needed. 2011/11/24 15:41:45 kid9| Logfile: opening log daemon:/logs/access.log 2011/11/24 15:41:45 kid9| Logfile Daemon: opening log /logs/access.log 2011/11/24 15:41:45 kid9| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2011/11/24 15:41:45 kid9| Store logging disabled 2011/11/24 15:41:45 kid9| Swap maxSize 0 + 524288 KB, estimated 40329 objects 2011/11/24 15:41:45 kid9| Target number of buckets: 2016 2011/11/24 15:41:45 kid9| Using 8192 Store buckets 2011/11/24 15:41:45 kid9| Max Mem size: 524288 KB [shared] 2011/11/24 15:41:45 kid9| Max Swap size: 0 KB 2011/11/24 15:41:45 kid9| Using Least Load store dir selection 2011/11/24 15:41:45 kid9| Set Current Directory to /usr/local/squid/ var/cache/squid 2011/11/24 15:41:45 kid9| Loaded Icons. 2011/11/24 15:41:45 kid9| Ready to serve requests. and I get this 2011/11/24 15:41:45 kid9| commBind: Cannot bind socket FD 9 to [::]: (13) Permission denied 2011/11/24 15:41:45 kid9| Configuring Sibling wwwcache1- east.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling wwwcache3- east.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling wwwcache4- east.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling slb-realsrv1- east.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling wwwcache1- west.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling wwwcache2- west.hull.ac.uk/3128/4827 2011/11/24 15:41:50 kid9| Configuring Sibling wwwcache3- west.hull.ac.uk/3128/4827 At this point although a ps -ef shows a number of squid processes, a netstat -a doesn't show any listening on any TCP ports. I then shutdown squid and get 2011/11/24 15:42:00 kid9| Preparing for shutdown after 0 requests 2011/11/24 15:42:00 kid9| Waiting 30 seconds for active connections to finish 2011/11/24 15:42:00 kid9| Shutdown: NTLM authentication. 2011/11/24 15:42:00 kid9| Shutdown: Negotiate authentication. 2011/11/24 15:42:00 kid9| Shutdown: Digest authentication. 2011/11/24 15:42:00 kid9| Shutdown: Basic authentication. 2011/11/24 15:42:31 kid9| Shutting down... FATAL: Received Segment Violation...dying. If I fire up squid with /usr/local/squid/sbin/squid -NY then things spring into life and works just fine. Help !! Rgds Alex == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] squid 3.2 failure
Hi, seem to have some problems with squid 3.2.0.13 Alex 2011/11/25 10:39:29 kid6| WARNING: 1 swapin MD5 mismatches 2011/11/25 10:39:29 kid6| Could not parse headers from on disk object 2011/11/25 10:39:29 kid6| WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this: 2011/11/25 10:39:29 kid6| StoreEntry->key: 6F433C6765CB325AC07C48CD383FFC4C 2011/11/25 10:39:29 kid6| StoreEntry->next: 0 2011/11/25 10:39:29 kid6| StoreEntry->mem_obj: 0x151f040 2011/11/25 10:39:29 kid6| StoreEntry->timestamp: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastref: 1322217569 2011/11/25 10:39:29 kid6| StoreEntry->expires: -1 2011/11/25 10:39:29 kid6| StoreEntry->lastmod: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_file_sz: 0 2011/11/25 10:39:29 kid6| StoreEntry->refcount: 1 2011/11/25 10:39:29 kid6| StoreEntry->flags: CACHABLE,PRIVATE,FWD_HDR_WAIT,VALIDATED 2011/11/25 10:39:29 kid6| StoreEntry->swap_dirn: -1 2011/11/25 10:39:29 kid6| StoreEntry->swap_filen: -1 2011/11/25 10:39:29 kid6| StoreEntry->lock_count: 2 2011/11/25 10:39:29 kid6| StoreEntry->mem_status: 0 2011/11/25 10:39:29 kid6| StoreEntry->ping_status: 2 2011/11/25 10:39:29 kid6| StoreEntry->store_status: 1 2011/11/25 10:39:29 kid6| StoreEntry->swap_status: 0 2011/11/25 10:39:29 kid6| assertion failed: store.cc:1859: "isEmpty()" 2011/11/25 10:39:32 kid6| Starting Squid Cache version 3.2.0.13-2022-r11422 for x86_64-unknown-linux-gnu... 2011/11/25 10:39:32 kid6| Process ID 3059 2011/11/25 10:39:32 kid6| Process Roles: worker == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] Error on latest squid 3.2 snapshot:Unable to allocate 18446744073638813067 blocks of 1 bytes!
2011/11/28 16:49:16 kid2| Starting Squid Cache version 3.2.0.13-2027-r11436 for x86_64-unknown-linux-gnu... 2011/11/28 16:49:16 kid2| Process ID 10575 2011/11/28 16:49:16 kid2| Process Roles: worker 2011/11/28 16:49:16 kid2| With 49152 file descriptors available 2011/11/28 16:49:16 kid2| Initializing IP Cache... 2011/11/28 16:49:16 kid2| DNS Socket created at 0.0.0.0, FD 7 2011/11/28 16:49:16 kid2| Adding nameserver 150.237.84.21 from squid.conf 2011/11/28 16:49:16 kid2| Adding nameserver 150.237.198.2 from squid.conf 2011/11/28 16:49:16 kid2| helperOpenServers: Starting 5/20 'helper- mux.pl' processes 2011/11/28 16:49:16 kid2| helperOpenServers: Starting 0/10 'basic_pam_auth' processes 2011/11/28 16:49:16 kid2| helperOpenServers: No 'basic_pam_auth' processes needed. 2011/11/28 16:49:16 kid2| Logfile: opening log daemon:/logs/access.log 2011/11/28 16:49:16 kid2| Logfile Daemon: opening log /logs/access.log 2011/11/28 16:49:16 kid2| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2011/11/28 16:49:16 kid2| Store logging disabled 2011/11/28 16:49:16 kid2| WARNING: disk-cache maximum object size is unlimited but mem-cache maximum object size is 32.00 KB 2011/11/28 16:49:16 kid2| Swap maxSize 4060160 + 262144 KB, estimated 332484 objects 2011/11/28 16:49:16 kid2| Target number of buckets: 16624 2011/11/28 16:49:16 kid2| Using 32768 Store buckets 2011/11/28 16:49:16 kid2| Max Mem size: 262144 KB [shared] 2011/11/28 16:49:16 kid2| Max Swap size: 4060160 KB 2011/11/28 16:49:16 kid2| Version 1 of swap file with LFS support detected... 2011/11/28 16:49:16 kid2| Rebuilding storage in /cache/2 (CLEAN) 2011/11/28 16:49:16 kid2| Using Least Load store dir selection 2011/11/28 16:49:16 kid2| Set Current Directory to /usr/local/squid/ var/cache/squid 2011/11/28 16:49:16 kid2| Loaded Icons. 2011/11/28 16:49:16 kid2| IcmpSquid.cc(255) Open: Pinger socket opened on FD 24 2011/11/28 16:49:16 kid2| Ready to serve requests. 2011/11/28 16:49:16 kid2| Done reading /cache/2 swaplog (24 entries) 2011/11/28 16:49:16 kid2| Finished rebuilding storage from disk. 2011/11/28 16:49:16 kid2|24 Entries scanned 2011/11/28 16:49:16 kid2| 0 Invalid entries. 2011/11/28 16:49:16 kid2| 0 With invalid flags. 2011/11/28 16:49:16 kid2|24 Objects loaded. 2011/11/28 16:49:16 kid2| 0 Objects expired. 2011/11/28 16:49:16 kid2| 0 Objects cancelled. 2011/11/28 16:49:16 kid2| 0 Duplicate URLs purged. 2011/11/28 16:49:16 kid2| 0 Swapfile clashes avoided. 2011/11/28 16:49:16 kid2| Took 0.02 seconds (1300.67 objects/sec). 2011/11/28 16:49:16 kid2| Beginning Validation Procedure 2011/11/28 16:49:16 kid2| Completed Validation Procedure 2011/11/28 16:49:16 kid2| Validated 24 Entries 2011/11/28 16:49:16 kid2| store_swap_size = 2321119973474304.00 KB FATAL: xcalloc: Unable to allocate 18446744073638813067 blocks of 1 bytes!
[squid-users] URL parsing crashing squid 3.2.0.13... snapshot
Hi, 2011/12/08 10:05:13 kid5| Starting Squid Cache version 3.2.0.13-20111206-r11454 for x86_64-unknown-linux-gnu... 2011/12/08 10:05:13 kid5| Process ID 6007 2011/12/08 10:05:13 kid5| Process Roles: worker 2011/12/08 10:05:13 kid5| With 49152 file descriptors available 2011/12/08 10:05:13 kid5| Initializing IP Cache... 2011/12/08 10:05:13 kid5| DNS Socket created at 0.0.0.0, FD 7 2011/12/08 10:05:13 kid5| Adding nameserver 150.237.84.21 from squid.conf 2011/12/08 10:05:13 kid5| Adding nameserver 150.237.198.2 from squid.conf 2011/12/08 10:05:13 kid5| helperOpenServers: Starting 5/20 'helper- mux.pl' processes 2011/12/08 10:05:13 kid5| helperOpenServers: Starting 0/10 'basic_pam_auth' processes 2011/12/08 10:05:13 kid5| helperOpenServers: No 'basic_pam_auth' processes needed. 2011/12/08 10:05:13 kid5| Logfile: opening log daemon:/logs/access.log 2011/12/08 10:05:13 kid5| Logfile Daemon: opening log /logs/access.log 2011/12/08 10:05:13 kid5| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2011/12/08 10:05:13 kid5| Store logging disabled 2011/12/08 10:05:13 kid5| WARNING: disk-cache maximum object size is unlimited but mem-cache maximum object size is 32.00 KB 2011/12/08 10:05:13 kid5| Swap maxSize 4060160 + 262144 KB, estimated 332484 objects 2011/12/08 10:05:13 kid5| Target number of buckets: 16624 2011/12/08 10:05:13 kid5| Using 32768 Store buckets 2011/12/08 10:05:13 kid5| Max Mem size: 262144 KB [shared] 2011/12/08 10:05:13 kid5| Max Swap size: 4060160 KB 2011/12/08 10:05:13 kid5| Version 1 of swap file with LFS support detected... 2011/12/08 10:05:13 kid5| Rebuilding storage in /cache/5 (CLEAN) 2011/12/08 10:05:13 kid5| Using Least Load store dir selection 2011/12/08 10:05:13 kid5| Set Current Directory to /usr/local/squid/ var/cache/squid 2011/12/08 10:05:13 kid5| Loaded Icons. 2011/12/08 10:05:13 kid5| IcmpSquid.cc(255) Open: Pinger socket opened on FD 24 2011/12/08 10:05:13 kid5| Ready to serve requests. 2011/12/08 10:05:13| pinger: Initialising ICMP pinger ... 2011/12/08 10:05:13| pinger: ICMP socket opened. 2011/12/08 10:05:13 kid5| Store rebuilding is 19.10% complete 2011/12/08 10:05:13 kid5| Done reading /cache/5 swaplog (21442 entries) 2011/12/08 10:05:13 kid5| Finished rebuilding storage from disk. 2011/12/08 10:05:13 kid5| 21442 Entries scanned 2011/12/08 10:05:13 kid5| 0 Invalid entries. 2011/12/08 10:05:13 kid5| 0 With invalid flags. 2011/12/08 10:05:13 kid5| 20983 Objects loaded. 2011/12/08 10:05:13 kid5| 0 Objects expired. 2011/12/08 10:05:13 kid5| 0 Objects cancelled. 2011/12/08 10:05:13 kid5| 447 Duplicate URLs purged. 2011/12/08 10:05:13 kid5|12 Swapfile clashes avoided. 2011/12/08 10:05:13 kid5| Took 0.13 seconds (158376.61 objects/sec). 2011/12/08 10:05:13 kid5| Beginning Validation Procedure 2011/12/08 10:05:13 kid5| Completed Validation Procedure 2011/12/08 10:05:13 kid5| Validated 20983 Entries 2011/12/08 10:05:13 kid5| store_swap_size = 848684.00 KB 2011/12/08 10:05:13 kid5| Accepting HTTP Socket connections at local=150.237.85.249:3128 remote=[::] FD 9 flags=1 2011/12/08 10:05:13 kid5| Accepting HTTP Socket connections at local=150.237.84.13:3128 remote=[::] FD 11 flags=1 2011/12/08 10:05:13 kid5| Accepting HTCP messages on 0.0.0.0:4827 2011/12/08 10:05:13 kid5| Sending HTCP messages from 0.0.0.0:4827 2011/12/08 10:05:14 kid5| storeLateRelease: released 0 objects 2011/12/08 10:05:16 kid4| Starting Squid Cache version 3.2.0.13-20111206-r11454 for x86_64-unknown-linux-gnu... 2011/12/08 10:05:16 kid4| Process ID 6016 2011/12/08 10:05:16 kid4| Process Roles: worker 2011/12/08 10:05:16 kid4| With 49152 file descriptors available 2011/12/08 10:05:16 kid4| Initializing IP Cache... 2011/12/08 10:05:16 kid4| DNS Socket created at 0.0.0.0, FD 7 2011/12/08 10:05:16 kid4| Adding nameserver 150.237.84.21 from squid.conf 2011/12/08 10:05:16 kid4| Adding nameserver 150.237.198.2 from squid.conf 2011/12/08 10:05:16 kid4| helperOpenServers: Starting 5/20 'helper- mux.pl' processes 2011/12/08 10:05:16 kid4| helperOpenServers: Starting 0/10 'basic_pam_auth' processes 2011/12/08 10:05:16 kid4| helperOpenServers: No 'basic_pam_auth' processes needed. 2011/12/08 10:05:16 kid4| Logfile: opening log daemon:/logs/access.log 2011/12/08 10:05:16 kid4| Logfile Daemon: opening log /logs/access.log 2011/12/08 10:05:16 kid4| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2011/12/08 10:05:16 kid4| Store logging disabled 2011/12/08 10:05:16 kid4| WARNING: disk-cache maximum object size is unlimited but mem-cache maximum object size is 32.00 KB 2011/12/08 10:05:16 kid4| Swap maxSize 4060160 + 262144 KB, estimated 332484 objects 2011/12/08 10:05:16 kid4| Target number of buckets: 16624 2011/12/08 10:05:16 kid4| Using 32768 Store buckets 2011/12/08 10:05:16 kid4| Max Mem size: 262144 KB [shared] 2011/12/08 10:05:16 kid4| Max Swap size: 4060160 KB 2011/12/08 10:05:
[squid-users] getting assertion failed: CommCalls.h:165: "dp" squid 3.2.0.14
Chaps, Getting the following on squid 3.2.0.14 systems Shutdown: NTLM authentication. 2011/12/19 13:17:38 kid9| Shutdown: Negotiate authentication. 2011/12/19 13:17:38 kid9| Shutdown: Digest authentication. 2011/12/19 13:17:38 kid9| Shutdown: Basic authentication. 2011/12/19 13:18:09 kid9| Shutting down... 2011/12/19 13:18:09 kid9| assertion failed: CommCalls.h:165: "dp" FATAL: Received Segment Violation...dying. 2011/12/19 13:18:09 kid9| Not currently OK to rewrite swap log. 2011/12/19 13:18:09 kid9| storeDirWriteCleanLogs: Operation aborted.
[squid-users] getting assertion failed: mem.cc:205: "MemPools[type]" in squid 3.2.0.14
Configuring Sibling wwwcache2-east.hull.ac.uk/3128/4827 2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache1- west.hull.ac.uk/3128/4827 2011/12/19 13:26:05 kid9| Configuring Sibling slb-realsrv1- east.hull.ac.uk/3128/4827 2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache3- west.hull.ac.uk/3128/4827 2011/12/19 13:26:20 kid9| assertion failed: mem.cc:205: "MemPools[type]" 2011/12/19 13:26:23 kid9| Starting Squid Cache version 3.2.0.14 for i686-pc-linux-gnu... == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] filtering out cache.log messages in Squid 3.2
Hi, I'm running a number of 3.2 caches behind a hardware load balancer that performs health checks every 30 seconds by doing a "head http://< non resolvable FQDN>/fred.txt" and expecting a 503 status code to be returned from the server. If it gets this, real traffic is passed to the cache based upon the distribution algorithm used. The problem is of course that cache.log now has 2012/01/04 09:17:34 kid1| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:34 kid1| always_direct = 0 2012/01/04 09:17:34 kid1|never_direct = 0 2012/01/04 09:17:34 kid1|timedout = 0 2012/01/04 09:17:39 kid5| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:39 kid5| always_direct = 0 2012/01/04 09:17:39 kid5|never_direct = 0 2012/01/04 09:17:39 kid5|timedout = 0 2012/01/04 09:17:44 kid5| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:44 kid5| always_direct = 0 2012/01/04 09:17:44 kid5|never_direct = 0 2012/01/04 09:17:44 kid5|timedout = 0 2012/01/04 09:17:49 kid7| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:49 kid7| always_direct = 0 2012/01/04 09:17:49 kid7|never_direct = 0 2012/01/04 09:17:49 kid7|timedout = 0 2012/01/04 09:17:54 kid5| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:54 kid5| always_direct = 0 2012/01/04 09:17:54 kid5|never_direct = 0 2012/01/04 09:17:54 kid5|timedout = 0 2012/01/04 09:17:59 kid1| Failed to select source for 'http://dummyhost12345.hull.ac.uk/fred.txt' 2012/01/04 09:17:59 kid1| always_direct = 0 2012/01/04 09:17:59 kid1|never_direct = 0 2012/01/04 09:17:59 kid1|timedout = 0 messages every 5 seconds. Is there a way of filtering these out? Of course I could just change the URL to be something real e.g http://bbc.co.uk/ and do it that way, Rgds Alex
[squid-users] squid 3.2 URL too large Segment violation
Squid 3.2.0.14 snapshot 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.85.249:3128 remote=[::] FD 9 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.85.249:8080 remote=[::] FD 11 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.84.13:3128 remote=[::] FD 17 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.84.13:8080 remote=[::] FD 19 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.84.5:3128 remote=[::] FD 22 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.84.5:8080 remote=[::] FD 25 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 27 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=127.0.0.1:8080 remote=[::] FD 29 flags=1 2012/01/06 11:29:46 kid7| Accepting HTCP messages on 0.0.0.0:4827 2012/01/06 11:29:46 kid7| Sending HTCP messages from 0.0.0.0:4827 2012/01/06 11:29:46 kid7| urlParse: URL too large (52427 bytes) FATAL: Received Segment Violation...dying. 2012/01/06 11:29:46 kid7| storeDirWriteCleanLogs: Starting... 2012/01/06 11:29:46 kid7| WARNING: Closing open FD9 2012/01/06 11:29:46 kid7| 65536 entries written so far. 2012/01/06 11:29:46 kid7|131072 entries written so far. 2012/01/06 11:29:46 kid7|196608 entries written so far. == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] 3.2.0.14 latest snapshot crashing
output from cache.log 2012/01/06 10:24:00 kid5| WARNING: 1 swapin MD5 mismatches 2012/01/06 10:24:00 kid5| Could not parse headers from on disk object 2012/01/06 10:24:00 kid5| WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this: 2012/01/06 10:24:00 kid5| StoreEntry->key: D03F303CF1C901E9935AB1C5A2A0A584 2012/01/06 10:24:00 kid5| StoreEntry->next: 0 2012/01/06 10:24:00 kid5| StoreEntry->mem_obj: 0x1eab7b0 2012/01/06 10:24:00 kid5| StoreEntry->timestamp: -1 2012/01/06 10:24:00 kid5| StoreEntry->lastref: 1325845440 2012/01/06 10:24:00 kid5| StoreEntry->expires: -1 2012/01/06 10:24:00 kid5| StoreEntry->lastmod: -1 2012/01/06 10:24:00 kid5| StoreEntry->swap_file_sz: 0 2012/01/06 10:24:00 kid5| StoreEntry->refcount: 1 2012/01/06 10:24:00 kid5| StoreEntry->flags: CACHABLE,PRIVATE,FWD_HDR_WAIT,VALIDATED 2012/01/06 10:24:00 kid5| StoreEntry->swap_dirn: -1 2012/01/06 10:24:00 kid5| StoreEntry->swap_filen: -1 2012/01/06 10:24:00 kid5| StoreEntry->lock_count: 2 2012/01/06 10:24:00 kid5| StoreEntry->mem_status: 0 2012/01/06 10:24:00 kid5| StoreEntry->ping_status: 2 2012/01/06 10:24:00 kid5| StoreEntry->store_status: 1 2012/01/06 10:24:00 kid5| StoreEntry->swap_status: 0 Love to send a config file, but you have a message size limit that stops me from doing this A == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] Squid 3.2 snapshot ... vanishing processes
Running squid 3.2 on a number of machines. Gradually the worker process die with the FATAL xalloc message shown below. Config at bottom of email. Then have to clear out cache directory,recreate and restart squid. Usually wait till there only 1 or 2 workers left and then do the lot. Would send a config but list end objects to size of email being >50K Rgds Alex 2012/01/06 11:46:55 kid8| Starting Squid Cache version 3.2.0.14-20111228-r11479 for x86_64-unknown-linux-gnu... 2012/01/06 11:46:55 kid8| Process ID 31974 2012/01/06 11:46:55 kid8| Process Roles: worker 2012/01/06 11:46:55 kid8| With 49152 file descriptors available 2012/01/06 11:46:55 kid8| Initializing IP Cache... 2012/01/06 11:46:55 kid8| DNS Socket created at 0.0.0.0, FD 7 2012/01/06 11:46:55 kid8| Adding nameserver 150.237.84.21 from squid.conf 2012/01/06 11:46:55 kid8| Adding nameserver 150.237.198.21 from squid.conf 2012/01/06 11:46:55 kid8| helperOpenServers: Starting 5/20 'helper- mux.pl' processes 2012/01/06 11:46:55 kid8| helperOpenServers: Starting 0/10 'basic_pam_auth' processes 2012/01/06 11:46:55 kid8| helperOpenServers: No 'basic_pam_auth' processes needed. 2012/01/06 11:46:55 kid8| Logfile: opening log daemon:/logs/access.log 2012/01/06 11:46:55 kid8| Logfile Daemon: opening log /logs/access.log 2012/01/06 11:46:55 kid8| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/06 11:46:55 kid8| Store logging disabled 2012/01/06 11:46:55 kid8| WARNING: disk-cache maximum object size is unlimited but mem-cache maximum object size is 32.00 KB 2012/01/06 11:46:55 kid8| Swap maxSize 4060160 + 262144 KB, estimated 332484 objects 2012/01/06 11:46:55 kid8| Target number of buckets: 16624 2012/01/06 11:46:55 kid8| Using 32768 Store buckets 2012/01/06 11:46:55 kid8| Max Mem size: 262144 KB [shared] 2012/01/06 11:46:55 kid8| Max Swap size: 4060160 KB 2012/01/06 11:46:55 kid8| Version 1 of swap file with LFS support detected... 2012/01/06 11:46:55 kid8| Rebuilding storage in /cache/8 (CLEAN) 2012/01/06 11:46:55 kid8| Using Least Load store dir selection 2012/01/06 11:46:55 kid8| Set Current Directory to /usr/local/squid/ var/cache/squid 2012/01/06 11:46:55 kid8| Loaded Icons. 2012/01/06 11:46:55 kid8| HTCP Disabled. 2012/01/06 11:46:55 kid8| IcmpSquid.cc(255) Open: Pinger socket opened on FD 24 2012/01/06 11:46:55 kid8| Ready to serve requests. 2012/01/06 11:46:55 kid8| Done reading /cache/8 swaplog (35 entries) 2012/01/06 11:46:55 kid8| Finished rebuilding storage from disk. 2012/01/06 11:46:55 kid8|35 Entries scanned 2012/01/06 11:46:55 kid8| 0 Invalid entries. 2012/01/06 11:46:55 kid8| 0 With invalid flags. 2012/01/06 11:46:55 kid8|35 Objects loaded. 2012/01/06 11:46:55 kid8| 0 Objects expired. 2012/01/06 11:46:55 kid8| 0 Objects cancelled. 2012/01/06 11:46:55 kid8| 0 Duplicate URLs purged. 2012/01/06 11:46:55 kid8| 0 Swapfile clashes avoided. 2012/01/06 11:46:55 kid8| Took 0.02 seconds (1772.87 objects/sec). 2012/01/06 11:46:55 kid8| Beginning Validation Procedure 2012/01/06 11:46:55 kid8| Completed Validation Procedure 2012/01/06 11:46:55 kid8| Validated 35 Entries 2012/01/06 11:46:55 kid8| store_swap_size = 13489710508802048.00 KB FATAL: xcalloc: Unable to allocate 18446744073664220870 blocks of 1 bytes! Squid Cache (Version 3.2.0.14-20111228-r11479): Terminated abnormally.
[squid-users] Re:Squid 3.2 snapshot ... vanishing processes
Well, managed to strip out all the comment and most blank lines in the config. This is still happening help!! Here's the config file auth_param basic program /usr/local/squid/libexec/basic_pam_auth -o auth_param basic children 10 auth_param basic realm wwwcache3-east Note: Your UserName must be of the form use...@hull.ac.uk auth_param basic credentialsttl 2 hours acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl WindowsUpdate dstdomain -i "/usr/local/squid/etc/windowsupdate.txt" acl BlockedUrls url_regex -i "/usr/local/squid/etc/blockedurls" acl McAfee dstdomain -i "/usr/local/squid/etc/McAfee.txt" acl Norton360 dstdomain -i "/usr/local/squid/etc/Norton360.txt" acl to_localdomain dstdomain hull.ac.uk acl to_newcomms dstdomain newcomms.hull.ac.uk acl must-route-directly dstdomain "/usr/local/squid/etc/direct.acl" acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com acl from_localhost src 127.0.0.1/32 acl to_hullnet dst 150.237.0.0/16 acl DOPOSTS method POST acl trustedhosts src 150.237.128.0/24 acl snmppublic snmp_community HullPublic acl zenoss src 150.237.128.173/32 acl mustauth proxy_auth REQUIRED acl to_wwwcache1-east dstdomain wwwcache1-east.hull.ac.uk acl to_wwwcache2-east dstdomain wwwcache2-east.hull.ac.uk acl to_wwwcache3-east dstdomain wwwcache3-east.hull.ac.uk acl to_wwwcache4-east dstdomain wwwcache4-east.hull.ac.uk acl to_wwwcache1-west dstdomain wwwcache1-west.hull.ac.uk acl to_wwwcache2-west dstdomain wwwcache2-west.hull.ac.uk acl to_wwwcache3-west dstdomain wwwcache3-west.hull.ac.uk acl from_wwwcache1-east srcdomain wwwcache1-east.hull.ac.uk acl from_wwwcache2-east srcdomain wwwcache2-east.hull.ac.uk acl from_wwwcache3-east srcdomain wwwcache3-east.hull.ac.uk acl from_wwwcache4-east srcdomain wwwcache4-east.hull.ac.uk acl from_wwwcache1-west srcdomain wwwcache1-west.hull.ac.uk acl from_wwwcache2-west srcdomain wwwcache2-west.hull.ac.uk acl from_wwwcache3-west srcdomain wwwcache3-west.hull.ac.uk acl to_slbrealsrv1 dstdomain slb-realsrv1.hull.ac.uk acl to_slbrealsrv2 dstdomain slb-realsrv2.hull.ac.uk acl to_slbrealsrv3 dstdomain slb-realsrv3.hull.ac.uk acl to_slbrealsrv4 dstdomain slb-realsrv4.hull.ac.uk acl to_slbrealsrv5 dstdomain slb-realsrv5.hull.ac.uk acl to_slbrealsrv6 dstdomain slb-realsrv6.hull.ac.uk acl alex-osx src 150.237.74.2/32 acl hullnet-banned src 150.237.11.0/24 acl hullnet-banned src 150.237.27.0/24 acl hullnet-banned src 150.237.29.0/24 acl hullnet-banned src 150.237.60.0/22 acl hullnet-banned src 150.237.139.0/24 acl hullnet-banned src 150.237.157.0/24 acl hullnet-banned src 150.237.161.0/24 acl hullnet-banned src 150.237.162.0/24 acl hullnet-banned src 150.237.163.0/24 acl hullnet-banned src 150.237.165.0/24 acl hullnet-banned src 150.237.166.0/24 acl hullnet-banned src 150.237.179.0/24 acl hullnet-banned src 150.237.184.0/22 acl hullnet-banned src 150.237.188.0/24 acl hullnet-banned src 150.237.189.0/24 acl hullnet-banned src 150.237.190.0/24 acl hullnet-banned src 150.237.207.0/25 acl hullnet-banned src 150.237.227.0/24 acl hullnet-banned src 150.237.72.0/26 acl hullnet-banned src 150.237.73.0/26 acl hullnet-banned src 150.237.226.128/25 acl hullnet-banned src 150.237.192.0/23 acl hullnet-banned src 150.237.167.0/24 acl hullnet-banned src 150.237.73.64/26 acl hullnet-banned src 150.237.73.128/26 acl from-maletl src 195.195.161.0/25 acl iplayer url_regex iplayer.bbc.co.uk acl worktime time MTWHF 08:00-17:00 acl PEERS srcdomain wwwcache2-east.hull.ac.uk wwwcache1- east.hull.ac.uk wwwcache4-east.hull.ac.uk acl PEERS srcdomain wwwcache1-west.hull.ac.uk wwwcache2- west.hull.ac.uk wwwcache3-west.hull.ac.uk acl PEERS srcdomain slb-realsrv1-east.hull.ac.uk acl localnet src 150.237.0.0/16 # acl SSL_ports port 443 acl SSL_ports port 444 acl SSL_ports port 563 acl SSL_ports port 8000 acl SSL_ports port 8443 acl SSL_ports port 2083 acl SSL_ports port 2087 acl SSL_ports port 2096 acl SSL_ports port 4643 acl SSL_ports port 9040 acl SSL_ports port 1863 acl SSL_ports port 3 acl SSL_ports port 1011 acl SSL_ports port 8030 acl SSL_ports port 8091 acl SSL_ports port 8010 acl SSL_ports port 2050 acl SSL_ports port 4443 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 443 563
[squid-users] receiving email from sqid users list
Not a squid query but I was under the impression that I should receive emails from the squid list having subscribed to it. At the moment the only way I can see if anyone has replied to a posting is to use a browser to look at the mail archive . who would I report this to? rgds Alex
[squid-users] Silly warning about over disk limits
Getting the following on my 3.2...79 snapshot:- 2012/01/11 10:18:30 kid2| NETDB state saved; 142 entries, 135 msec 2012/01/11 10:18:39 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB 2012/01/11 10:18:50 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB 2012/01/11 10:19:01 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB 2012/01/11 10:19:12 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB 2012/01/11 10:19:23 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB 2012/01/11 10:19:34 kid1| WARNING: Disk space over limit: 5258011484356608.00 KB > 1048576 KB Config file has # # o.k. create a disk directory for every squid process under /cache # cache_dir aufs /usr/local/squid/var/cache/${process_number} 1024 64 256 As this is a test cache, just putting squid cache in a directory off root root@slb-realsrv1-east:/usr/local/squid/etc# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/slb--realsrv1--east-root 33285936 19623748 11971360 63% / tmpfs 4041632 0 4041632 0% /lib/init/rw varrun 4041632 104 4041528 1% /var/run varlock4041632 0 4041632 0% /var/lock udev 4041632 152 4041480 1% /dev tmpfs 4041632 61272 3980360 2% /dev/shm /dev/sda5 225806 98192115567 46% /boot tmpfs 4041632 2560 4039072 1% /lib/modules/ 2.6.28-19-server/volatile == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] assertion failed: comm.cc:1255: "isOpen(fd)" when shutting down squid 3.2 snapshot
Hi, excerpt from cache.log when running /usr/local/squid/sbin/squid -k shutdown 2012/01/12 10:45:59 kid7| Open FD READ/WRITE 82 apps.facebook.com:443 2012/01/12 10:45:59 kid7| Open FD READ/WRITE 83 apps.facebook.com:443 2012/01/12 10:45:59 kid7| Open FD READ/WRITE 84 http://s0.2mdn.net/2986074/PID_1802528_160x600.swf 2012/01/12 10:45:59 kid7| Squid Cache (Version 3.2.0.14-20111228- r11479): Exiting normally. 2012/01/12 10:45:59 kid7| assertion failed: comm.cc:1255: "isOpen(fd)" FATAL: Received Segment Violation...dying. 2012/01/12 10:45:59 kid7| storeDirWriteCleanLogs: Starting... nothing read from stdin nothing read from stdin nothing read from stdin nothing read from stdin nothing read from stdin Rgds Alex
[squid-users] Assertion failed error causing worker process to restart
Hi, Running squid 3.2 snapshot starting up with -SYC and seeing 2012/01/12 16:06:30 kid8| Beginning Validation Procedure 2012/01/12 16:06:30 kid8| UFSSwapDir::doubleCheck: MISSING SWAP FILE 2012/01/12 16:06:30 kid8| UFSSwapDir::dumpEntry: FILENO 0053D933 2012/01/12 16:06:30 kid8| UFSSwapDir::dumpEntry: PATH /cache1/8/13/ D9/0053D933 2012/01/12 16:06:30 kid8| StoreEntry->key: F6A9FB4E20007D04 2012/01/12 16:06:30 kid8| StoreEntry->next: 0 2012/01/12 16:06:30 kid8| StoreEntry->mem_obj: 0 2012/01/12 16:06:30 kid8| StoreEntry->timestamp: 4294967296 2012/01/12 16:06:30 kid8| StoreEntry->lastref: 16243941 2012/01/12 16:06:30 kid8| StoreEntry->expires: 2259152797697 2012/01/12 16:06:30 kid8| StoreEntry->lastmod: 1326384112 2012/01/12 16:06:30 kid8| StoreEntry->swap_file_sz: 1326384117 2012/01/12 16:06:30 kid8| StoreEntry->refcount: 1908 2012/01/12 16:06:30 kid8| StoreEntry->flags: SPECIAL ,REVALIDATE,DELAY_SENDING,CACHABLE,FWD_HDR_WAIT,NEGCACHED,BAD_LENGTH 2012/01/12 16:06:30 kid8| StoreEntry->swap_dirn: 0 2012/01/12 16:06:30 kid8| StoreEntry->swap_filen: 5495091 2012/01/12 16:06:30 kid8| StoreEntry->lock_count: 0 2012/01/12 16:06:30 kid8| StoreEntry->mem_status: 0 2012/01/12 16:06:30 kid8| StoreEntry->ping_status: 0 2012/01/12 16:06:30 kid8| StoreEntry->store_status: 0 2012/01/12 16:06:30 kid8| StoreEntry->swap_status: 2 2012/01/12 16:06:30 kid8| Completed Validation Procedure 2012/01/12 16:06:30 kid8| Validated 1 Entries 2012/01/12 16:06:30 kid8| store_swap_size = 1295300.00 KB 2012/01/12 16:06:30 kid8| assertion failed: store_rebuild.cc:115: "store_errors == 0" nothing read from stdin nothing read from stdin In cache.log Need a config file? Rgds Alex == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] FATAL: xcalloc: Unable to allocate 4282908673 blocks of 1 bytes! now appearing in 3.1.18
H, I've been running 3.1.16 on our prodn caches for a very long time. I've since moved to rolling out some 3.2.0.x boxes but haven't completely removed my 3.1.x caches just in case. squid 3.1.16 has been running without a problem for a long long time, in fact the only issies I've had are when the log directoy runs out of space. A few days ago I upgraded the remaining 3.1.16 boxes to 3.1.18. Today I've seen the following message:- 2012/01/13 12:55:39| NETDB state reloaded; 10 entries, 16 msec 2012/01/13 12:55:39| Ready to serve requests. 2012/01/13 12:55:39| Done reading /cache2 swaplog (4021 entries) 2012/01/13 12:55:39| Store rebuilding is 99.98% complete 2012/01/13 12:55:39| Done reading /cache3 swaplog (4096 entries) 2012/01/13 12:55:39| Finished rebuilding storage from disk. 2012/01/13 12:55:39| 8117 Entries scanned 2012/01/13 12:55:39| 0 Invalid entries. 2012/01/13 12:55:39| 0 With invalid flags. 2012/01/13 12:55:39| 8117 Objects loaded. 2012/01/13 12:55:39| 0 Objects expired. 2012/01/13 12:55:39| 0 Objects cancelled. 2012/01/13 12:55:39| 0 Duplicate URLs purged. 2012/01/13 12:55:39| 0 Swapfile clashes avoided. 2012/01/13 12:55:39| Took 0.13 seconds (62989.87 objects/sec). 2012/01/13 12:55:39| Beginning Validation Procedure 2012/01/13 12:55:39| Completed Validation Procedure 2012/01/13 12:55:39| Validated 16259 Entries 2012/01/13 12:55:39| store_swap_size = 6651517759165300736 FATAL: xcalloc: Unable to allocate 4282908673 blocks of 1 bytes! Squid Cache (Version 3.1.18): Terminated abnormally. .. which is what I see fairly frequently on my 3.2.0.x caches. This time, nothing has changed other than the S/W versio, all the configs are the same. == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] vanishing coordinator process in squid 3.2
Hi, I’m running 3.2.0.14…..build …91 on a number of servers and I’ve noticed that fairly frequently the coordinator process vanishes. There’s nothing in the logs to say that (in this case) kid9 ( 8 worker processes) terminated for any particular reason. I still have worker processes active and they still seem to be processing connections. At the moment I’m killing off the worker processes using kill -9 and just restarting everything with /usr/local/squid/sbin/squid –SYC So 1). Anything I can switch on logging wise to see why the process is vanishing 2). Is there a better way of restarting the coord process than killing everything and starting again? Rgds Alex == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz
[squid-users] icmp6 error in squid 3.2.[456]
Hi all, I'm running squid 3.2.x on a 64b bit Ubuntu box configured to support both IPv4 and IPv6. When starting I get 2013/01/10 13:53:31 kid1| Set Current Directory to /usr/local/squid/var/cache/squid 2013/01/10 13:53:31 kid1| Loaded Icons. 2013/01/10 13:53:31 kid1| HTCP Disabled. 2013/01/10 13:53:31 kid1| Pinger socket opened on FD 12 2013/01/10 13:53:31 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 10 flags=9 2013/01/10 13:53:31| pinger: Initialising ICMP pinger ... 2013/01/10 13:53:31| pinger: ICMP socket opened. 2013/01/10 13:53:31| pinger: ICMPv6 socket opened (pinger): Address.cc:689: void Ip::Address::GetAddrInfo(addrinfo*&, int) const: Assertion `false' failed. 2013/01/10 13:53:31 kid1| Bad opcode: 112 from [6661:6c73:6522:2061:7420:6c69:6e65:2036] appearing. it's been there for a while, since 3.2.4 I think but possibly earlier and has appeared in 3.2.6 as well. Things still seem to work,but then again as this is personal squid playtoy, there's not much load on the server Rgds alex
[squid-users] netdbExchangeHandleReply: corrupt data, aborting
Sent this out a while back. Don't think I got any replies. Anyway, Still happening but now with squid 3.1.10/3.1.11 I'd like to do a phased upgrade to 3.1.x but don;t want to try it if I'm still getting these netdb errors Rgds Alex Hi, For a while now I've been running a squid 2.7stable7 service here (just upgraded to stable9) and thought I'd try out the 3.1.4 build on my test web cache. Although the test cache is linked into my production cache cluster as a sibling the universtiy access the cache service via a serveriron hardware load balancer which load balances traffic over all my 2.7.STABLE9 boxes. I access the test cache directly. Since this morning, when i upgraded to 3.1.4 I've been seeing the following in the 3.1.4 cache.log file 2010/06/21 12:14:12| storeLateRelease: released 0 objects 2010/06/21 12:14:33| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:14:33| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:14:41| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache3-east.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache1-west.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache3-west.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache1-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache1-west.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache3-west.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache3-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache1-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 12:54:11| NETDB state saved; 821 entries, 3 msec 2010/06/21 12:54:45| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:54:45| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:54:52| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:11:28| Detected DEAD Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 13:11:28| Detected DEAD Sibling: wwwcache2-west.hull.ac.uk 2010/06/21 13:11:28| Detected REVIVED Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 13:11:28| Detected REVIVED Sibling: wwwcache2-west.hull.ac.uk 2010/06/21 13:40:18| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:40:25| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:40:26| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:55:15| NETDB state saved; 821 entries, 3 msec Don't think I've seen this before. Web cache configs available if necessary. Anyone else trying to mix 2.7 and 3.1 siblings? Rgds
[squid-users] Assertion failed message then squid restart on 3.1.10 and 3.1.11
Hi, Looking for hints as to how to resolve the above problem. Occasionally I get 2011/02/10 09:25:42| assertion failed: htcp.cc:1350: "sz >= 0" 2011/02/10 09:25:52| Starting Squid Cache version 3.1.11 for x86_64- unknown-linux-gnu... Messages appearing in my cache.log. The server in question is a test box that is linked into my production ( 2.7.stable9) group of caches). I'd like to move to the 3.1 branch from 2.7 but am reluctant to do so while it occasionally breaks. Any pointers as to how I might resolve the above? I'm running squid on a 64 bit ubuntu (10.4) box with the following config #!/bin/bash ulimit -SHn 24576 ./configure --enable-snmp --enable-basic-auth-helpers="PAM" -- enable-cachemgr-hostname=slb-realsrv1-east --enable-htcp --enable- cache-digests --enable-async-io --prefix=/usr/local/squid --with- pthreads --enable-removal-policies --enable-ssl -with-openssl=/usr/ local/ssl --enable-linux-netfilter -with-large-files --with- maxfd=24576 --with-dl --enable-icmp --enable-poll --disable-ident- lookups --enable-truncate --enable-delay-pools --disable-ipv6 -- disable-loadable-modules Thanks Alex
[squid-users] netdbExchangeHandleReply: corrupt data, aborting
Sent this out a while back. Don't think I got any replies. Anyway, Still happening but now with squid 3.1.10/3.1.11 I'd like to do a phased upgrade to 3.1.x but don;t want to try it if I'm still getting these netdb errors Rgds Alex Hi, For a while now I've been running a squid 2.7stable7 service here (just upgraded to stable9) and thought I'd try out the 3.1.4 build on my test web cache. Although the test cache is linked into my production cache cluster as a sibling the universtiy access the cache service via a serveriron hardware load balancer which load balances traffic over all my 2.7.STABLE9 boxes. I access the test cache directly. Since this morning, when i upgraded to 3.1.4 I've been seeing the following in the 3.1.4 cache.log file 2010/06/21 12:14:12| storeLateRelease: released 0 objects 2010/06/21 12:14:33| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:14:33| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:14:41| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache3-east.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache1-west.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache3-west.hull.ac.uk 2010/06/21 12:18:59| Detected DEAD Sibling: wwwcache1-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache1-west.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache3-west.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache3-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache1-east.hull.ac.uk 2010/06/21 12:18:59| Detected REVIVED Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 12:54:11| NETDB state saved; 821 entries, 3 msec 2010/06/21 12:54:45| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:54:45| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 12:54:52| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:11:28| Detected DEAD Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 13:11:28| Detected DEAD Sibling: wwwcache2-west.hull.ac.uk 2010/06/21 13:11:28| Detected REVIVED Sibling: wwwcache4-east.hull.ac.uk 2010/06/21 13:11:28| Detected REVIVED Sibling: wwwcache2-west.hull.ac.uk 2010/06/21 13:40:18| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:40:25| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:40:26| netdbExchangeHandleReply: corrupt data, aborting 2010/06/21 13:55:15| NETDB state saved; 821 entries, 3 msec Don't think I've seen this before. Web cache configs available if necessary. Anyone else trying to mix 2.7 and 3.1 siblings? Rgds
[squid-users] Assertion failure in squid 3.1.15
Just upgraded a batch of caches to 3.1.15 and I'm seeing the occasional 2011/10/19 17:10:27| Reconfiguring Squid Cache (version 3.1.15)... 2011/10/19 17:10:27| FD 114 Closing HTTP connection 2011/10/19 17:10:27| FD 115 Closing HTTP connection 2011/10/19 17:10:27| FD 116 Closing HTTP connection 2011/10/19 17:10:27| FD 117 Closing ICP connection 2011/10/19 17:10:27| FD 118 Closing HTCP socket 2011/10/19 17:10:27| assertion failed: disk.cc:377: "fd >= 0" Thought this was fixed in an earlier patch for 3.1 Rgds Alex == Time for another Macmillan Cancer Support event. This time its the 12 day Escape to Africa challenge View route at http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=203779866436035016780.00049e867720273b73c39&z=8 Please sponsor me at http://www.justgiving.com/Alex-Sharaz