Re: [squid-users] Pseudo-random 403 Forbidden...

From: John Doe <jdmls_at_yahoo.com>
Date: Mon, 7 Jul 2008 10:41:59 -0700 (PDT)

Hi again...

I don't know what happened (if I changed something
or if I wrongfully thought it was fixed) but the siblings are not
talking anymore... at all. :(
No error message, no denied...

So let's start from the beginning...

configure --prefix=$PREFIX \
--enable-time-hack \
--enable-underscores \
--with-pthreads \
--enable-storeio="aufs,coss,diskd,null,ufs" \
--enable-removal-policies="heap,lru" \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--enable-snmp \
--enable-cachemgr-hostname=localhost \
--enable-arp-acl \
--enable-ssl \
--enable-cache-digests \
--enable-epoll \
--enable-linux-netfilter \
--disable-ident-lookups \
--disable-internal-dns \
--with-large-files \
--with-maxfd=65535

Am I missing something?
Do I need any of these too for siblings to talk? --enable-icmp, --enable-htcp, --enable-forw-via-db...

Here's a minimal conf for squid1:

pid_filename /var/run/squid1.pid
cache_effective_user jd
cache_effective_group jd
unique_hostname Squid1

access_log /home/jd/squid/var/log/squid1/access.log squid
cache_log /home/jd/squid/var/log/squid1/cache.log
cache_store_log /home/jd/squid/var/log/squid1/store.log

cache_dir ufs /home/jd/squid/var/spool/squid1 256 16 32
cache_mem 128 MB

http_port 192.168.17.11:8000 accel defaultsite=toto act-as-origin vhost
cache_peer 127.0.0.1 parent 8081 0 no-query originserver no-digest no-netdb-exchange max-conn=256 front-end-https=auto name=apache
cache_peer 192.168.17.12 sibling 8000 3130 proxy-only name=squid2
cache_peer 192.168.17.13 sibling 8000 3130 proxy-only name=squid3
cache_peer 192.168.17.14 sibling 8000 3130 proxy-only name=squid4

icp_port 3130
udp_incoming_address 192.168.17.11
udp_outgoing_address 255.255.255.255

acl all src 0.0.0.0/0
acl from_all src 0.0.0.0/0
acl from_localhost src 127.0.0.1/32
acl from_localnetA src 10.0.0.0/8
acl from_localnetB src 172.16.0.0/12
acl from_localnetC src 192.168.0.0/16
acl to_all dst 0.0.0.0/0
acl to_localhost dst 127.0.0.0/24
acl to_localnetA dst 10.0.0.0/8
acl to_localnetB dst 172.16.0.0/12
acl to_localnetC dst 192.168.0.0/16
acl Safe_ports port 80 81 82 83 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
acl Safe_ports port 1025-65535 # unregistered ports
acl SSL_ports port 443 # https
acl CONNECT method CONNECT
acl manager proto cache_object
acl purge method PURGE

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow from_localnetC

http_access allow manager from_localhost
http_access allow manager from_localnetA
http_access allow manager from_localnetB
http_access allow manager from_localnetC
http_access deny manager

http_access allow purge from_localhost
http_access allow purge from_localnetA
http_access allow purge from_localnetB
http_access allow purge from_localnetC
http_access deny purge

icp_access allow from_localnetC
icp_access deny all
cache_peer_access apache allow from_localnetC
cache_peer_access apache deny all
miss_access allow from_localnetC
miss_access deny all

http_access allow all
http_reply_access allow all

header_access Cache-Control deny all
header_replace Cache-Control max-age=864000

The cache.log:

2008/07/07 19:23:42| Starting Squid Cache version 2.7.STABLE3 for i686-pc-linux-gnu...
2008/07/07 19:23:42| Process ID 27245
2008/07/07 19:23:42| With 1024 file descriptors available
2008/07/07 19:23:42| Using epoll for the IO loop
2008/07/07 19:23:42| helperOpenServers: Starting 5 'dnsserver' processes
2008/07/07 19:23:42| logfileOpen: opening log /home/jd/squid/var/log/squid1/useragent.log
2008/07/07 19:23:42| logfileOpen: opening log /home/jd/squid/var/log/squid1/referer.log
2008/07/07 19:23:42| logfileOpen: opening log /home/jd/squid/var/log/squid1/access.log
2008/07/07 19:23:42| Unlinkd pipe opened on FD 17
2008/07/07 19:23:42| Swap maxSize 262144 KB, estimated 20164 objects
2008/07/07 19:23:42| Target number of buckets: 1008
2008/07/07 19:23:42| Using 8192 Store buckets
2008/07/07 19:23:42| Max Mem size: 131072 KB
2008/07/07 19:23:42| Max Swap size: 262144 KB
2008/07/07 19:23:42| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/07/07 19:23:42| logfileOpen: opening log /home/jd/squid/var/log/squid1/store.log
2008/07/07 19:23:42| Rebuilding storage in /home/jd/squid/var/spool/squid1 (DIRTY)
2008/07/07 19:23:42| Using Least Load store dir selection
2008/07/07 19:23:42| Current Directory is /
2008/07/07 19:23:42| Loaded Icons.
2008/07/07 19:23:42| Accepting accelerated HTTP connections at 192.168.17.11, port 8000, FD 18.
2008/07/07 19:23:42| Accepting ICP messages at 192.168.17.11, port 3130, FD 19.
2008/07/07 19:23:42| Accepting SNMP messages on port 3401, FD 20.
2008/07/07 19:23:42| WCCP Disabled.
2008/07/07 19:23:42| WARNING: failed to resolve 192.168.17.11 to a fully qualified hostname
2008/07/07 19:23:42| Configuring apache Parent apache/8081/0
2008/07/07 19:23:42| Configuring squid2 Sibling squid2/8000/3130
2008/07/07 19:23:42| Configuring squid3 Sibling squid3/8000/3130
2008/07/07 19:23:42| Configuring squid4 Sibling squid4/8000/3130
2008/07/07 19:23:42| Ready to serve requests.
2008/07/07 19:23:43| Done scanning /home/jd/squid/var/spool/squid1 (0 entries)
2008/07/07 19:23:43| Finished rebuilding storage from disk.
2008/07/07 19:23:43| 0 Entries scanned
2008/07/07 19:23:43| 0 Invalid entries.
2008/07/07 19:23:43| 0 With invalid flags.
2008/07/07 19:23:43| 0 Objects loaded.
2008/07/07 19:23:43| 0 Objects expired.
2008/07/07 19:23:43| 0 Objects cancelled.
2008/07/07 19:23:43| 0 Duplicate URLs purged.
2008/07/07 19:23:43| 0 Swapfile clashes avoided.
2008/07/07 19:23:43| Took 0.6 seconds ( 0.0 objects/sec).
2008/07/07 19:23:43| Beginning Validation Procedure
2008/07/07 19:23:43| Completed Validation Procedure
2008/07/07 19:23:43| Validated 0 Entries
2008/07/07 19:23:43| store_swap_size = 0k
2008/07/07 19:23:43| storeLateRelease: released 0 objects

And now I only get FIRST_UP_PARENTs:

1215451931.331 1 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/spain.gif - FIRST_UP_PARENT/apache image/gif
1215451931.342 0 192.168.17.11 TCP_MISS/200 438 HEAD http://127.0.0.1/img/greece.gif - FIRST_UP_PARENT/apache image/gif
1215451931.487 0 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/sweden.gif - FIRST_UP_PARENT/apache image/gif
1215451931.612 0 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/usa.gif - FIRST_UP_PARENT/apache image/gif
1215451931.711 0 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/portugal.gif - FIRST_UP_PARENT/apache image/gif
1215451931.723 1 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/polska.gif - FIRST_UP_PARENT/apache image/gif
1215451931.829 1 192.168.17.11 TCP_MISS/200 438 HEAD http://127.0.0.1/img/china.gif - FIRST_UP_PARENT/apache image/gif
1215451931.839 1 192.168.17.11 TCP_MISS/200 438 HEAD http://127.0.0.1/img/italia.gif - FIRST_UP_PARENT/apache image/gif
1215451934.924 1 192.168.17.11 TCP_CLIENT_REFRESH_MISS/200 437 HEAD http://127.0.0.1/img/greece.gif - FIRST_UP_PARENT/apache image/gif
1215451934.990 0 192.168.17.11 TCP_MISS/200 438 HEAD http://127.0.0.1/img/denmark.gif - FIRST_UP_PARENT/apache image/gif
1215451935.059 1 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/finland.gif - FIRST_UP_PARENT/apache image/gif
1215451935.138 0 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/russia.gif - FIRST_UP_PARENT/apache image/gif
1215451935.198 1 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/brasil.gif - FIRST_UP_PARENT/apache image/gif
1215451935.209 1 192.168.17.11 TCP_CLIENT_REFRESH_MISS/200 436 HEAD http://127.0.0.1/img/portugal.gif - FIRST_UP_PARENT/apache image/gif
1215451938.595 1 192.168.17.11 TCP_CLIENT_REFRESH_MISS/200 436 HEAD http://127.0.0.1/img/sweden.gif - FIRST_UP_PARENT/apache image/gif
1215451938.661 1 192.168.17.11 TCP_CLIENT_REFRESH_MISS/200 436 HEAD http://127.0.0.1/img/finland.gif - FIRST_UP_PARENT/apache image/gif
1215451938.672 0 192.168.17.11 TCP_MISS/200 437 HEAD http://127.0.0.1/img/japan.gif - FIRST_UP_PARENT/apache image/gif
1215451938.993 1 192.168.17.11 TCP_CLIENT_REFRESH_MISS/200 437 HEAD http://127.0.0.1/img/china.gif - FIRST_UP_PARENT/apache image/gif

Help!
JD.

PS: since I compiled with --disable-internal-dns, why does it say "Starting 5 'dnsserver' processes"?

      
Received on Mon Jul 07 2008 - 17:42:12 MDT
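
Added example (not part of the original message and not Squid's own code): a small ICP v2 probe, following the RFC 2186 packet layout, for checking whether a sibling on the icp_port shown above answers queries at all. The function names are this example's own; no reply within the timeout means the query or its answer never arrived, ICP_OP_DENIED means the peer's icp_access refused the source address, and ICP_OP_HIT or ICP_OP_MISS means ICP itself is working.

```python
import socket
import struct

# ICP v2 opcodes from RFC 2186
ICP_OPCODES = {1: "ICP_OP_QUERY", 2: "ICP_OP_HIT", 3: "ICP_OP_MISS",
               4: "ICP_OP_ERR", 21: "ICP_OP_MISS_NOFETCH", 22: "ICP_OP_DENIED"}
# opcode, version, message length, request number, options, option data, sender address
HEADER = struct.Struct("!BBHIII4s")


def build_query(url, reqnum):
    """Encode ICP_OP_QUERY: 20-byte header, 4-byte requester address, NUL-terminated URL."""
    payload = b"\x00" * 4 + url.encode("ascii") + b"\x00"
    length = HEADER.size + len(payload)
    return HEADER.pack(1, 2, length, reqnum, 0, 0, b"\x00" * 4) + payload


def parse_reply(data):
    """Decode a reply into (opcode name, request number, URL); ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("short ICP packet")
    opcode, version, length, reqnum, _opts, _optdata, _sender = HEADER.unpack_from(data)
    if version != 2 or length != len(data):
        raise ValueError("bad ICP version or length field")
    url = data[HEADER.size:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return ICP_OPCODES.get(opcode, "UNKNOWN(%d)" % opcode), reqnum, url


def probe(peer, url, port=3130, bind_addr="", timeout=2.0, reqnum=1):
    """Send one query; return the reply opcode name, or None if nothing answers in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, 0))  # bind_addr selects the source IP the peer's ACLs will see
        s.settimeout(timeout)
        s.sendto(build_query(url, reqnum), (peer, port))
        try:
            data, _ = s.recvfrom(16384)
        except socket.timeout:
            return None
    name, got_reqnum, _ = parse_reply(data)
    return name if got_reqnum == reqnum else None


if __name__ == "__main__":
    # Offline demo with a constructed ICP_OP_MISS reply; against a live peer one would
    # call e.g. probe("192.168.17.12", "http://127.0.0.1/img/spain.gif", bind_addr="192.168.17.11")
    url = b"http://127.0.0.1/img/spain.gif\x00"
    reply = HEADER.pack(3, 2, HEADER.size + len(url), 1, 0, 0, b"\x00" * 4) + url
    print(parse_reply(reply))
```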
