On 04/08/17 16:56, mm wrote:
Hi, I am also trying to configure a Squid proxy server on my Ubuntu machine,
using version 3.3.8. I have used the same example as mentioned in your post,
but I am getting the following error:
2017/08/04 10:14:05| WARNING: -D command-line option is obsolete.


Your init script should not be using the -D option any more. Check that you are using the proper one from Ubuntu. If you are, then don't worry about this warning - it will disappear on a future upgrade of the init script (IIRC in Xenial).


2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of
the specified IP in '10.0.2.0/16'
2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of
the specified IP in '10.0.3.0/16'
2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A)
'10.0.0.0/16'
2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/16' is ignored to
keep splay tree searching predictable
2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from
the ACL named 'localnet'
2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A)
'10.0.0.0/8'
2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/8' is ignored to
keep splay tree searching predictable
2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from
the ACL named 'localnet'

All the above warnings seem to be from two problems.

1) I think you have left the default localnet ACL definition in while also adding your LAN 10.0.*.0/16 ranges.

2) The /16 on 10.0.2.0 and 10.0.3.0 masks away the '2' and '3' portion, leaving both of these entries as 10.0.0.0/16.

There are several ways to fix these:

either,
 mask the 10.0.x.0 ranges as the /24 they are:

  acl localnet src 10.0.2.0/24 10.0.3.0/24

or,
specify the start-end of the sub-subnet range within the /16 which you are using for your LAN:

  acl localnet src 10.0.2.0-10.0.3.255/16

or,
 list the whole /16 (what Squid is currently assuming you meant to do):

  acl localnet src 10.0.0.0/16

or,
leave the default Squid definition for RFC 1918 ranges provided and not configure your specific RFC 1918 sub-ranges.

If you choose anything but the last option, remove the default localnet definition specifying all of 10/8 as localnet, and probably the other IPv4 ranges as well. The IPv6 ranges you will need to look into and make a decision about.


2017/08/04 10:14:05| Starting Squid Cache version 3.3.8 for
x86_64-pc-linux-gnu...
2017/08/04 10:14:05| Process ID 3891
2017/08/04 10:14:05| Process Roles: master worker
2017/08/04 10:14:05| With 65536 file descriptors available
2017/08/04 10:14:05| Initializing IP Cache...
2017/08/04 10:14:05| DNS Socket created at [::], FD 5
2017/08/04 10:14:05| DNS Socket created at 0.0.0.0, FD 6
2017/08/04 10:14:05| Warning: Could not find any nameservers. Trying to use
localhost
2017/08/04 10:14:05| Please check your /etc/resolv.conf file
2017/08/04 10:14:05| or use the 'dns_nameservers' option in squid.conf.


That one is a semi-serious issue on Ubuntu. resolv.conf not being set up properly with "nameserver ..." entries will break a huge amount of things.

If it is unset because your network connection is dynamic and currently offline, then you WILL need to run "squid -k reconfigure" each time it gets connected and changes resolv.conf contents.

NOTE: avoid "service squid reload" from upstart (and later systemd) - that way leads to some bad troubles with Squid-3.


2017/08/04 10:14:05| helperOpenServers: Starting 5/5 'ext_session_acl'
processes
2017/08/04 10:14:05| Logfile: opening log daemon:/var/log/squid3/access.log
2017/08/04 10:14:05| Logfile Daemon: opening log /var/log/squid3/access.log
2017/08/04 10:14:05| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2017/08/04 10:14:05| Store logging disabled
2017/08/04 10:14:05| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2017/08/04 10:14:05| Target number of buckets: 1008
2017/08/04 10:14:05| Using 8192 Store buckets
2017/08/04 10:14:05| Max Mem  size: 262144 KB
2017/08/04 10:14:05| Max Swap size: 0 KB
2017/08/04 10:14:05| Using Least Load store dir selection
2017/08/04 10:14:05| chdir: /var/spool/squid: (2) No such file or directory
2017/08/04 10:14:05| Current Directory is /home/misha
2017/08/04 10:14:05| Loaded Icons.
2017/08/04 10:14:05| HTCP Disabled.
2017/08/04 10:14:05| Pinger socket opened on FD 21
2017/08/04 10:14:05| Configuring Parent 10.0.0.2/3128/0
2017/08/04 10:14:05| Squid plugin modules loaded: 0
2017/08/04 10:14:05| Adaptation support is off.
2017/08/04 10:14:05| Accepting HTTP Socket connections at local=[::]:3128
remote=[::] FD 19 flags=9
2017/08/04 10:14:05| WARNING: session #2 exited
2017/08/04 10:14:05| Too few session processes are running (need 1/5)
2017/08/04 10:14:05| Closing HTTP port [::]:3128
2017/08/04 10:14:05| storeDirWriteCleanLogs: Starting...
2017/08/04 10:14:05|   Finished.  Wrote 0 entries.
2017/08/04 10:14:05|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The session helpers are crashing too rapidly, need help!


My squid.conf file is as follows:
acl localnet src 10.0.2.0/16
acl localnet src 10.0.3.0/16

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid

## addition for splash page active##
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/lib/squid/ext_session_acl -T 60 -b /var/lib/squid/session.db
acl session_login external session LOGIN
acl session_is_active external session
acl clicked_login_url url_regex -i ^https://www.drdo.gov.in/drdo/English/index.jsp$
http_access allow clicked_login_url session_login
http_access deny !session_is_active
deny_info 511:/etc/squid3/splash.html session_is_active


Please tell me what is going wrong?



First massive problem is the helpers exiting. They should not be doing that until Squid kills them on reconfigure or shutdown.

Check the helpers session DB (/var/lib/squid/session.db) has been properly initialized and the helpers are able to both read and write to it when run by Squid with its low-privilege user account - on Ubuntu that should be the user account "proxy".



Second major problem (not causing you a problem yet, but it will) is that you placed the splash page config *after* the "http_access deny all" line. So none of it will actually ever do anything.

The lines where it says:
  http_access allow localnet
  http_access allow localhost

are in a section of the config for local policy rules. As you might expect the default policy is to let localnet clients and localhost use the proxy.
You can freely replace or add to those two lines with any settings you like.

FWIW: that is a bit clearer in the 3.5 default config file. You can replace the 3.3 config with the 3.5 updated version if you want:
 <https://wiki.squid-cache.org/Squid-3.5#Squid-3.5_default_config>

To use the splash page stuff remove the "allow localnet" line and paste the splash config just below where it says "INSERT YOUR OWN RULE(S) HERE"


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
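
Two of the configuration problems discussed in the reply above (localnet `src` entries whose netmask masks away address bits or that overlap each other, and `http_access` rules placed after `http_access deny all`) can be checked before Squid is started. The Python sketch below is an added example, not part of the original message and not a Squid tool; the `lint` function and the embedded sample configuration are constructed for illustration, and only CIDR-style entries are examined (start-end ranges are skipped).

```python
import ipaddress

# Constructed sample: the relevant lines of the squid.conf quoted in the message.
SAMPLE_CONF = """\
acl localnet src 10.0.2.0/16
acl localnet src 10.0.3.0/16
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
http_access allow localnet
http_access allow localhost
http_access deny all
http_access allow clicked_login_url session_login
http_access deny !session_is_active
"""

def lint(conf):
    """Return (line, kind, detail) findings for src ACLs and http_access order."""
    findings, seen, deny_all_at = [], {}, None
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(tokens) >= 4 and tokens[0] == "acl" and tokens[2] == "src":
            for entry in tokens[3:]:
                if "-" in entry:                   # start-end ranges: out of scope
                    continue
                try:
                    iface = ipaddress.ip_interface(entry)
                except ValueError:                 # ACL names, file paths, etc.
                    continue
                net = iface.network
                # Address bits set outside the mask are silently dropped.
                if iface.ip != net.network_address:
                    findings.append((lineno, "masked", f"{entry} -> {net}"))
                # Entries in the same ACL that cover one another.
                for other, where in seen.setdefault(tokens[1], []):
                    if net.version == other.version and net.overlaps(other):
                        findings.append(
                            (lineno, "overlap", f"{net} vs {other} (line {where})"))
                seen[tokens[1]].append((net, lineno))
        elif tokens[:1] == ["http_access"]:
            if deny_all_at is not None:            # never evaluated by Squid
                findings.append(
                    (lineno, "unreachable", f"after 'deny all' on line {deny_all_at}"))
            elif tokens[1:] == ["deny", "all"]:
                deny_all_at = lineno
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(*finding)
```
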
