Re: Fw: Re: [squid-users] squid error message

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 12 Aug 2009 16:39:55 +1200

Jigar Raval wrote:
> Hello,
>
> In continutation to my previous mail about squid cache error log, We have
> observed that this is happend due to port 80 forwarding to 3128 using
> iptables. We removed the line from iptables and the error is now not
> in cache log fine. We have blocked all the port 80 request through iptables. All the request must go through squid. We are using non-transparent proxy.
>
> Now, the other log entry in cache log which was previously not there
>
> httpReadReply: Excess data from
>
> as well as some of the time ALL dnsserver are busy this also appear in dns. We are using dns_server in squid.conf.
>
> Is it related to our chages to port 80 OR Any other problem ? We are trying to understand. How to resolve it ?

This is two problems.

  The "Excess data from" is due to some clients pushing more data down
into Squid than they indicate in the HTTP headers. This is better known
as a data smuggling attack. I suggest you find out which clients are
doing this and why.

The second issue about "dnsserver" is due to an overload of the DNS
helpers which are obsolete since Squid-2.3.
http://wiki.squid-cache.org/Features/Dnsserver
I would suggest using a current Squid without the --disable-internal-dns
configure option.

>
> Regards
> Jigar
>
>
>
>
>
> --- On Wed, 7/22/09, Jigar Raval <ojigar_at_yahoo.com> wrote:
>
>> From: Jigar Raval <ojigar_at_yahoo.com>
>> Subject: Re: [squid-users] squid error message
>> To: squid-users_at_squid-cache.org
>> Cc: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> Date: Wednesday, July 22, 2009, 2:40 AM
>> Hello,
>>
>> The cache log show following
>>
>>
>> clientReadRequest: FD 277 (192.168.1.142:49241) Invalid
>> Request
>>
>> Should i upgrade with new squid version ?
>>
>> Regards
>>
>> Jigar
>>
>>
>> --- On Wed, 7/22/09, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>
>>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>>> Subject: Re: [squid-users] squid error message
>>> To: "Jigar Raval" <ojigar_at_yahoo.com>
>>> Cc: squid-users_at_squid-cache.org
>>> Date: Wednesday, July 22, 2009, 1:43 AM
>>> Jigar Raval wrote:
>>>> Hello,
>>>>
>>>> We have configure squid and we are getting
>> following
>>> type of erro in log file
>>>> TCP_DENIED/400 0 HEAD error:invalid-request -
>> NONE/-
>>> text/html
>>>> This is especially appears to be related with
>> windows
>>> vista update. We are getting lots of such error
>> messages.
>>>> What could be the reason ? How to solve this?
>>> Some client opened a TCP link to Squid. Started
>> sending a
>>> HEAD request but before it finished sending the
>> request
>>> headers it closed the link or died.
>>>
>>> This is no problem with Squid, but something bad at
>> the
>>> client end or network between client and Squid.
>>> cache.log may have more info on what happened if
>> anything
>>> more is known to Squid than a simple disconnection.
>>>
>>> Amos
>>> -- Please be using
>>> Current Stable Squid 2.7.STABLE6 or
>> 3.0.STABLE16
>>> Current Beta Squid 3.1.0.10 or
>> 3.1.0.11
>>
>>
>>
>
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Wed Aug 12 2009 - 04:40:02 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 13 2009 - 12:00:03 MDT