Re: [squid-users] Squid2.7STABLE6 with smoothwall ...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Dec 2009 01:07:44 +1300

You have several problems....

Asim Ahmed @ Folio3 wrote:
> Hi Amos,
>
> here is the full text available in cache.log (sorry if i m making a
> mess) but i hope it will help u to help me:) thanks for other suggestion
> about timed access etc. I'll definitely incorporate those.
>
> 2009/12/01 09:02:49| Starting Squid Cache version 2.7.STABLE5 for
> i686-pc-linux-gnu...
<snip>
> 2009/12/01 09:02:51| storeLateRelease: released 0 objects
> 2009/12/01 10:05:47| httpReadReply: Excess data from "GET http://mi
> rrorsearch.speedbit.com/cgi-bin/MirrorSearch.dll?ver12?Scheme=3&Site=download.microsoft.com&Path=/download/3/7/d/37dbe54d-c4b4-49c1-81ab-f1360bea35b9/SQLServer2005SP2-KB921896-x86-ENU.exe&Filename=SQLServer2005SP2-KB921896-x86-ENU.exe&Size=4294967295&SizeHigh=4294967295&Pos=0&PosHigh=0&Country=&Region=&R=0&Advanced=1&Checksum=&BPS=0&V=9.3.0.3&DMD=645753342976b3ef7547c4d8dbef68db&D4=Zmd5Yw==&REF=http://www.microsoft.com/downloads/details.aspx%3fFamilyId=D07219B2-1E23-49C8-8F0C-63FA18F26D3A%26displaylang=en&TS_HAS=3.395552&TS_LAS=0.916821&TS_AAS=1.166554&Aff=CNET&DLStyle=0&MID=e0RENjE2NjU2LTRDMEUtNGJiZS04ODA1LTIxQTY3QTZDQkQyOX17NUM5RTE3RTMtQUExQS00MGRlLTkxNDctQzVDODJGQUE3RThFfQ==&SS=Qr0SS5LfCkB3RUFBAQDZFAGA1l5FAAAA&SE=ARkAjWkHABkAKgQAABwAjQIAABwAKgIAACAAjQQAASEAjWkHACIAKgQAACIAjQIAACIAKgIAAAMAjQQAAQQAjWkHAAUAKgQAAAUAjQIAAAoAKgIAA7sOFEtfACMAjQQA&SN=1&SV=4&TS_DInfo=t+AA
> AAAAAAAAAAAAAAAAANKTE0sWOgAAAAAAAABYaEEAAAAAzJYTSw=="

MINOR.

Excess data indicates a DoS attack on Squid (maybe unintentional). The
web server being contacted sent Squid details indicating the request is
X bytes long then pushes X+N bytes into Squid.

Squid will abandon the request and return the "Invalid Reply" error to
the client browser.

There is nothing you can do except complain to the website admin and
hope they fix it fast.

> 2009/12/01 10:16:44| parseHttpRequest: Unsupported method '^C^]��~@'
> 2009/12/01 10:16:44| clientTryParseRequest: FD 24 (192.168.4.125:2841)
> Invalid Request

MINOR.

Squid is receiving some garbage. Since you have transparent proxy this
is also very likely. There are things using port 80 for non-HTTP traffic.

This is annoying but normal, and not a cause for much worry. Though you
may want to track down who it was and get them to use some more polite
software.

> 2009/12/01 10:18:25| Preparing for shutdown after 520 requests
> 2009/12/01 10:18:25| Waiting 5 seconds for active connections to finish
> 2009/12/01 10:18:25| FD 14 Closing HTTP connection
> 2009/12/01 10:18:29| Starting Squid Cache version 2.7.STABLE5 for
> i686-pc-linux-gnu...

... Squid goes through three normal restart cycles over the next 24 hours...

> 2009/12/01 18:20:52| storeDirWriteCleanLogs: Starting...
> 2009/12/01 18:20:52| Finished. Wrote 6944 entries.
> 2009/12/01 18:20:52| Took 0.0 seconds (2042352.9 entries/sec).
> FATAL: diskd exited unexpectedly
> Squid Cache (Version 2.7.STABLE5): Terminated abnormally.

MAJOR.

diskd suddenly starts repeatedly failing hard.

You might have:
  * run out of drive space
  * disk corruption
  * cache directories missing
  * suddenly changing access permissions to the squid cache

... a few more of those disk failures and some other service grabs port
80 for itself blocking Squid from even starting...

This is a second MAJOR problem.

> 2009/12/01 23:10:32| commBind: Cannot bind socket FD 14 to
> 192.168.4.123:800: (99) Cannot assign requested address
> FATAL: Cannot open HTTP Port
> Squid Cache (Version 2.7.STABLE5): Terminated abnormally.

.. a few more of those and Something fixes it. Squid goes back to normal...

> 2009/12/01 23:34:21| Starting Squid Cache version 2.7.STABLE5 for
> i686-pc-linux-gnu...

That continues nicely for about a day, one reconfigure causes some
warnings about missing cache directory. Then diskd starts complaining
yet again...

> 2009/12/02 15:46:01| Starting Squid Cache version 2.7.STABLE5 for
> i686-pc-linux-gnu...
> 2009/12/02 15:47:52| Took 0.0 seconds (1023333.3 entries/sec).
> FATAL: diskd exited unexpectedly
> Squid Cache (Version 2.7.STABLE5): Terminated abnormally.

> 2009/12/02 15:49:40| Starting Squid Cache version 2.7.STABLE5 for
> i686-pc-linux-gnu...

... and the port becomes used by something else...

> 2009/12/02 15:49:40| commBind: Cannot bind socket FD 14 to
> 192.168.4.102:800: (99) Cannot assign requested address
> FATAL: Cannot open HTTP Port
> Squid Cache (Version 2.7.STABLE5): Terminated abnormally.

... and so on...

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.15
Received on Wed Dec 02 2009 - 12:08:04 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 02 2009 - 12:00:01 MST