Re: Strange acl prob / possibly a bug

From: Matthias Barnutz <barney@dont-contact.us>
Date: Sat, 4 Mar 2000 14:53:31 +0100

No idea about this? The problem is still present, and my users are still
complaining.

----- Original Message -----
From: "Matthias Barnutz" <barney@nef.wh.uni-dortmund.de>
To: <squid-users@ircache.net>
Sent: Friday, February 25, 2000 12:11 AM
Subject: Strange acl prob / possibly a bug

> Hi!
>
> I have a very strange problem with Access Lists and http_access. In my
> opinion, it seems to be a bug.
>
> After squid running a few hours or a few days, suddenly it answers requests
> from some clients with TCP_DENIED. After doing a "squid -k reconfigure"
> everything works fine again. Until the next time.
>
> System:
> Linux 2.2.12 i586
> Squid Object Cache: Version 2.3.STABLE1
>
> The squid config file contains only three http_access entries:
>
> http_access allow paid
> http_access allow figge unido
> http_access deny all
>
> Here are the corresponding acl lines:
>
> acl all src 0.0.0.0/0.0.0.0
> acl figge src 129.217.240.0/255.255.254.0 129.217.255.128/255.255.255.192 129.217.255.248/255.255.255.248
> acl unido dstdomain .uni-dortmund.de
> acl paid src "/etc/squid.clients"
>
> In words: Requests from IPs, which are written into the file
> /etc/squid.clients, should be allowed every time and to every destination.
> All hosts from the mentioned subnets may access all destinations in the
> mentioned dstdomain. And all other accesses should be denied.
>
> The file /etc/squid.clients looks like this (sample):
>
> 129.217.240.38
> 129.217.240.82
> 129.217.240.140
> 129.217.240.87
> 129.217.240.112
>
> Just the IP-addresses, unsorted. In total, about 400 entries.
>
> What happens is, that suddenly all requests from some hosts, with source IP
> addresses listed in the file, are denied (TCP_DENIED). After doing a
> reconfigure, requests from the same hosts are allowed again. But
> /etc/squid.clients hasn't changed meanwhile. If /etc/squid.clients is
> changed, a reconfigure is done automatically. In the cache.log file there
> aren't any uncommon events. The hosts, from which requests are denied, are
> not always the same.
>
> Does anyone have any idea what this could be? Has anyone had the same problem?
>
> I'm sorry that I actually can not provide more information, like log file
> fragments. Squid is running on a production system, and I have not the
> resources to turn on full debugging. There are many requests, and the
> logfile grows very fast if debugging is turned on (even if only acl
> debugging is turned on). And, actually I do a "squid -k reconfigure" every
> hour by a cronjob, so the problem at the moment is not present, and there's
> nothing to log. But this is not a solution. Or is there something wrong with
> the acl configuration?
>
> Maybe someone could "simulate" this scenario in his "lab" and track down the
> problem ...
>
> Thanks for your help.
>
> Kind regards,
>
> Matthias
>
> --
> Matthias Barnutz, University of Dortmund, Germany
> http://www.nef.wh.uni-dortmund.de/~barney
> ICQ: 12031262
>
>
Received on Sat Mar 04 2000 - 16:40:20 MST
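
A way to collect evidence for the behaviour described in this message without enabling ACL debugging, as an added example that is not part of the original post: the script re-evaluates the three http_access lines and the ACL values quoted above against access.log and reports TCP_DENIED entries that the rules should have allowed. It assumes Squid's native access.log field order and a simplified dstdomain match; the paid list and log lines below are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit

# ACL values copied from the post.
FIGGE = [ipaddress.ip_network(n) for n in (
    "129.217.240.0/255.255.254.0",
    "129.217.255.128/255.255.255.192",
    "129.217.255.248/255.255.255.248")]
UNIDO = ".uni-dortmund.de"

def load_paid(lines):
    """Parse /etc/squid.clients content: one IP address per line."""
    return {ipaddress.ip_address(l.strip()) for l in lines if l.strip()}

def expected_allow(client, host, paid):
    """First-match evaluation of the three http_access lines."""
    ip = ipaddress.ip_address(client)
    if ip in paid:                                  # http_access allow paid
        return True
    in_figge = any(ip in net for net in FIGGE)
    in_unido = host == UNIDO[1:] or host.endswith(UNIDO)
    return in_figge and in_unido    # allow figge unido; otherwise deny all

def unexpected_denials(log_lines, paid):
    """Return (time, client, url) for TCP_DENIED entries the rules allow."""
    hits = []
    for line in log_lines:
        f = line.split()
        if len(f) < 7 or not f[3].startswith("TCP_DENIED"):
            continue
        # CONNECT requests log "host:port" instead of a full URL.
        host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(f[6]).hostname
        if expected_allow(f[2], (host or "").lower(), paid):
            hits.append((float(f[0]), f[2], f[6]))
    return hits

# Constructed sample data, not taken from the poster's system.
PAID = load_paid(["129.217.240.38", "129.217.240.82"])
LOG = [
    "952178000.101 12 129.217.240.38 TCP_DENIED/403 1040 GET http://www.example.com/ - NONE/- -",
    "952178001.202 9 129.217.241.5 TCP_DENIED/403 1040 GET http://www.example.com/ - NONE/- -",
    "952178002.303 8 129.217.241.5 TCP_DENIED/403 1040 GET http://www.uni-dortmund.de/ - NONE/- -",
    "952178003.404 310 129.217.240.82 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/www.example.org text/html",
    "952178004.505 7 10.0.0.1 TCP_DENIED/403 1040 CONNECT www.example.net:443 - NONE/- -",
]

if __name__ == "__main__":
    for ts, client, url in unexpected_denials(LOG, PAID):
        print(f"{ts:.3f} {client} denied but should match an allow rule: {url}")
```

Run against the real log and /etc/squid.clients, the timestamps of the flagged entries show when the unexpected denials start relative to the last reconfigure and which clients are affected.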
