Hi Amos, Just to update you, I didnot only block the port 5222 and 5223, I also created a cache_peer_access dummy_host talk, then acl talk dstdomain .talk.google.com .talkx.l.google.com .talkgadget.google.com .talkgadget.google.com/talkgadget/popout www.google.com/talk/start.html and finally never_direct allow talk. I am expecting that talk cannot do any harm in this case. I am checking the performance and it seems it is working smooth right now. Below is the latest cache.log.
[r...@cproxybkup ~]# tail -f /var/log/squid/cache.log 2009/01/19 11:29:27| always_direct = 0 2009/01/19 11:29:27| never_direct = 1 2009/01/19 11:29:27| timedout = 0 2009/01/19 11:29:48| httpReadReply: Excess data from "POST http://gc8.meebo.org/mm?1232354121171894"; 2009/01/19 11:30:34| Failed to select source for 'http://talkgadget.google.com/talkgadget/popout' 2009/01/19 11:30:34| always_direct = 0 2009/01/19 11:30:34| never_direct = 1 2009/01/19 11:30:34| timedout = 0 2009/01/19 11:30:54| urlParse: Illegal character in hostname '%3ca%20href=http' 2009/01/19 11:31:06| httpReadReply: Excess data from "GET http://ahl-althog.com/vb/cron.php?rand=31296"; 2009/01/19 11:31:30| httpReadReply: Excess data from "GET http://98.136.60.161/tbm.php?_u=http%3a%2f%2flaunch.groups.yahoo.com%2fgroup%2fLPRST%2f%3fv%3d1%26t%3dsearch%26ch%3dweb%26pub%3dgroups%26sec%3dgroup%26slk%3d10&intl=us&dnst=209.73.164.118&dnsr=79.98.184.18&ns=&t=5880161"; regards, Wennie ----- Original Message ----- From: "Amos Jeffries" <[email protected]> To: "Wennie V. Lagmay" <[email protected]> Cc: "squid-users" <[email protected]> Sent: Monday, January 19, 2009 12:57:29 AM (GMT+0300) Asia/Kuwait Subject: Re: [squid-users] request for help Wennie V. Lagmay wrote: > Hi Amos, > > I have check at least 10 subscriber and we were able to talk to at least 3 of > them, they are all using Google talk. My solution is to block google talk > (port# tcp 5222, 5223) and will check what will happen. if this will work I > will create another proxy and permit google talk to that proxy just to > minimized the head each (at least google talker are the only one affected as > long as this problem is there). For now this is the only solution I can do, > any suggestions? > Okay. Looks like a bug in one or the other. If you can provide trace of the request sent by GoogleTalk as an 'enhancement' bug, we maybe able to come up with a hack for Squid to handle it. And yelling at google is a option at this point now that its narrowed to their software. Amos > Thanks and regards, > > Wennie > > > ----- Original Message ----- > From: "Amos Jeffries" <[email protected]> > To: "Leonardo Rodrigues Magalhães" <[email protected]> > Cc: "squid-users" <[email protected]> > Sent: Sunday, January 18, 2009 2:43:04 PM (GMT+0300) Asia/Kuwait > Subject: Re: [squid-users] request for help > > Leonardo Rodrigues Magalhães wrote: >> just as a hint .......... i'm tired of seeing Skype and Google Talk >> spewing bad things to squid. At least in my cases, i have never seen >> squid crashing because of that. The only bad thing is that cache.log >> gets full of binary trash ....... > > If your squid is old 2008 or before ;). The newer ones have fixed the > binary problem at least. > > See the "__" bits of Wennie's trace, which were once those binary 'crash > the log viewer' types we all hate so much. :) > > Amos > >> >> Wennie V. Lagmay escreveu: >>> Thank you very much, >>> >>> We will try to locate at least one subscriber and we will check. I >>> will report back as soon as we have the information to help others >>> (This problem kills 2 of my squid proxy) >>> >>> regards, >>> wennie >>> > > -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11 Current Beta Squid 3.1.0.3
