I'm running Squid 2.5 Stable1 on Redhat Linux 9.0, kernel 2.4.20-18. Our cache is running fine until we use a vulnerability scanner (Nessus). Nessus has many vulnerability scans, but one set of the scans check for httpd vulnerabilities. When we start the scan of another network, the router (via WCCP) intercepts the http requests and forwards them to the squid box. Eventually (somewhere between 1 minute and 30 minutes), the squid box stops forwarding back out requests and the clients don't get their web requests fulfilled and then the screaming starts ;-)
A couple of notes: o We are not scanning the squid box directly. We are scanning machines elsewhere on the network and the http requests (that are part of some of the vulnerability scans) get redirected to the web cache. o Thinking that the squid box would lock up because of something in the scans themselves, we scanned the squid box directly and it kept humming along just fine. o We use WCCP version 1 off a Cisco 6500 running 12.1.13. We do not configure the clients to use a proxy. o It all works fine until the scans start and it seems to ride them out for a little while. We can easily (unfortunately) recreate the problem. o The box is not overwhelmed - the nessus scanner only sends out an http request as part of its scan every second or so. o No errors are reported in the squid logs that I can find that would indicate a problem. o WCCP continues to work because the router thinks it has a good cache engine and sends it request, but the squid box just "eats" them. o We have temporarily solved this by putting an access list on the router telling the router not to redirect http packets from the nessus machines to the squid cache. However, this is not a feasible long term solution as others on our campus of 25,000 may do a nessus scan from somewhere and then our cache engine will die. Has anyone else witnessed this problem? I have searched the archives for related issues and found none :-( Thank you --Greg Redder Network Analyst Colorado State University =============================================================================== Greg Redder Academic Computing & Networking Services Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958 601 S. Howes, Room 625 E-mail: [EMAIL PROTECTED] Fort Collins, CO 80523 PGP Fprint:299F83B58A72BE7428E064E801749C69FFA537C6 ===============================================================================
