[squid-users] Squid intermittently denies access to Valid ACLs

From: prasanth balakrishnan <pakshi_19@dont-contact.us>
Date: Mon, 09 Apr 2007 18:39:49 +0000

Hi All,

I have 2 Linux Squid proxy servers, load balanced. Both are identically
configured, with Squid 2.5 stable 6 installed. Server-1 returns access
correctly to valid requests.

But Server-2 returns access to correct ACLs and sometimes DENIES access to
them, even though the request comes from a valid subnet which is part of the
squid.conf file.

An example from the access.log file is shown below. Here we see that all
requests come from 65.70.9.110. The first 2 requests hit, the 3rd is a miss,
and the 4th is denied even though it's coming from a valid IP.

1175595771.100 39 65.70.9.110 TCP_MEM_HIT/200 5663 GET http://Mysite.com/client.asp?id=12&retype=quote - NONE/- text/xml
1175595798.638 165 65.70.9.110 TCP_MEM_HIT/200 5663 GET http://Mysite.com/client.asp?id=12&retype=quote - NONE/- text/xml
1175595806.932 139 65.70.9.110 TCP_MISS/200 22435 GET http://Mysite.com/client.asp?id=12&retype=quote - DIRECT/162.8.64.60 text/xml
1175595883.824 87 65.70.9.110 TCP_DENIED/403 1447 GET http://Mysite.com/client.asp?id=12&retype=quote - NONE/- text/html

Squid.conf has entries for this subnet
# grep 66.70.19 squid.conf

acl 12_IPs src 65.70.9.0/24

I also noticed that the cache.log on server 2 continuously shows the
following errors:

2007/04/03 07:35:00| storeAufsOpenDone: (2) No such file or directory
2007/04/03 07:35:00| /newcache/04/76/0004762D
2007/04/03 07:35:09| storeAufsOpenDone: (2) No such file or directory
2007/04/03 07:35:09| /newcache/04/85/0004852B
2007/04/03 07:35:09| storeAufsOpenDone: (2) No such file or directory
2007/04/03 07:35:09| /newcache/06/C9/0006C98E

Server-1 has the same config entries and does not show DENIED entries for
valid ACLs, nor does its cache.log have the above errors.

A sample of the squid.conf file, which is on both servers, is below:
**************************
http_port 80
cache_mem 512 MB
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
http_reply_access allow all
icp_access allow all
httpd_accel_host 161.9.61.13
httpd_accel_port 80
httpd_accel_uses_host_header on
strip_query_terms off
visible_hostname cache.ccbn.com
cachemgr_passwd secret all
coredump_dir /var/spool/squid
#cache_dir aufs /cache 15000 32 256
cache_dir aufs /newcache 25000 32 256
#debug_options ALL,1 28,9
logfile_rotate 10
acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 161.9.0.0/16
acl localnet src 192.80.0.0/16
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
acl sample_feeds urlpath_regex -i compid=12
http_access allow sample_feeds
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
cache_effective_user squid

acl 12_IPs src 65.70.9.0/24^M
acl 12_CompID urlpath_regex -i compid=12^M
http_access allow 12_compid 12_IPs^M
acl 60675_IPs src 202.151.8.0/24^M
acl 75_CompID urlpath_regex -i compid=75^M
http_access allow 75_compid 75_IPs^M

*****************************
Memory info on the server is as follows:
[root@ccbnlappr04 /]# cat /proc/meminfo
MemTotal: 3115288 kB
MemFree: 47620 kB
Buffers: 278780 kB
Cached: 2137920 kB
SwapCached: 0 kB
Active: 2040760 kB
Inactive: 693752 kB
HighTotal: 2228200 kB
HighFree: 31232 kB
LowTotal: 887088 kB
LowFree: 16388 kB
SwapTotal: 2048152 kB
SwapFree: 2048008 kB
Dirty: 5508 kB
Writeback: 0 kB
Mapped: 333888 kB
Slab: 314960 kB
CommitLimit: 3605796 kB
Committed_AS: 635980 kB
PageTables: 3548 kB
VmallocTotal: 106488 kB
VmallocUsed: 2584 kB
VmallocChunk: 103408 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 2048 kB
*******************************
Any help will be greatly appreciated.

Received on Mon Apr 09 2007 - 12:39:58 MDT
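
Added example, not part of the original post: a small Python triage script that lists TCP_DENIED entries in a Squid native-format access.log whose client address falls inside a subnet named by an "acl ... src" line in squid.conf, which is the symptom described above. The sample config and log text are constructed from the excerpts in the post, the function names are hypothetical, and the ^M marks are assumed to be carriage returns.

```python
import ipaddress
from datetime import datetime, timezone
# Constructed sample input modelled on the post; CRLF endings stand in for the ^M lines.
SAMPLE_CONF = (
    "acl all src 0.0.0.0/0.0.0.0\r\n"
    "acl 12_IPs src 65.70.9.0/24\r\n"
    "acl 12_CompID urlpath_regex -i compid=12\r\n"
)
SAMPLE_LOG = """\
1175595771.100 39 65.70.9.110 TCP_MEM_HIT/200 5663 GET http://Mysite.com/client.asp?id=12&retype=quote - NONE/- text/xml
1175595883.824 87 65.70.9.110 TCP_DENIED/403 1447 GET http://Mysite.com/client.asp?id=12&retype=quote - NONE/- text/html
1175595890.001 12 10.1.2.3 TCP_DENIED/403 1447 GET http://Mysite.com/ - NONE/- text/html
"""

def parse_src_acls(conf_text):
    """Return {acl_name: [ip_network, ...]} for 'acl NAME src ...' lines."""
    acls = {}
    for line in conf_text.split("\n"):
        fields = line.split("#", 1)[0].split()  # split() also drops a trailing CR
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for spec in fields[3:]:
            try:
                net = ipaddress.ip_network(spec, strict=False)
            except ValueError:
                continue  # address ranges, file includes etc. are not handled here
            if net.prefixlen > 0:  # ignore catch-all ACLs such as "all"
                acls.setdefault(fields[1], []).append(net)
    return acls

def denied_from_allowed(log_text, acls):
    """List TCP_DENIED entries whose client IP is inside a configured src ACL."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[3].startswith("TCP_DENIED/"):
            continue
        try:
            client = ipaddress.ip_address(f[2])
        except ValueError:
            continue
        names = sorted(n for n, nets in acls.items() if any(client in net for net in nets))
        if names:
            when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
            hits.append((when.strftime("%Y-%m-%d %H:%M:%S"), f[2], f[6], names))
    return hits

if __name__ == "__main__":
    print(denied_from_allowed(SAMPLE_LOG, parse_src_acls(SAMPLE_CONF)))
```

The timestamps are printed in UTC, so they need converting to the server's local time before being lined up against cache.log entries.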

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT