Re: [squid-users] Squid + Trendmicro

On Wed, Sep 23, 2009 at 1:27 PM, Luis Daniel Lucio Quiroz
<luis.daniel.lucio_at_gmail.com> wrote:
> Le lundi 7 septembre 2009 01:04:49, Amos Jeffries a écrit :
>> Luis Daniel Lucio Quiroz wrote:
>> > Hi all,
>> >
>> > Well, I have a really big problem,  We have deployed a Squid with digest
>> > auth + LDAP, it was work perfectly but other department has installed a
>> > Trendmicro antivirii solution.
>> >
>> > Well the problem is that when trendmicro cliend ask squid to access an
>> > url, it fails in first acl related with auth.
>> >
>> > My log is this:
>> > Request:
>> > 2009/09/05 23:56:30.829| parseHttpRequest: Request Header is
>> > Host: licenseupdate.trendmicro.com:80
>> > User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)
>> > Accept: */*
>> > Pragma: no-cache
>> > Cache-Control: no-cache,no-store
>> > Proxy-Authorization: Digest username="avedstrend", realm="XXX",
>> > nonce="/kCjSgAAAAB4/JcCAAAAAKLZuWMAAAAA", uri
>> > ="http://licenseupdate.trendmicro.com:80/ollu/license_update.aspx?Protoco
>> >l_version=1&AC=OSVMX49VN7GTUMQ8QYQAX
>> > SGJ72QENXK&Product_Code=OS&AP_Name=OC&OS=WW&Language=E&Product_Version=R3
>> >CnAGQAyAA", response="5bd515897ca2f1
>> > 84b196eae2fafc654a"
>> > Proxy-Connection: Keep-Alive
>> > Connection: Close
>> >
>> >
>> > Acl who fails:
>> > 2009/09/05 23:56:30.832| ACLChecklist::preCheck: 0x146e1b0 checking
>> > 'http_access deny !plUexception !plU'
>> > 2009/09/05 23:56:30.832| ACLList::matches: checking !plUexception
>> > 2009/09/05 23:56:30.832| ACL::checklistMatches: checking 'plUexception'
>> > 2009/09/05 23:56:30.832| authenticateAuthenticate: no connection
>> > authentication type
>> > 2009/09/05 23:56:30.832| AuthUserRequest::AuthUserRequest: initialised
>> > request 0x189cc30
>> > 2009/09/05 23:56:30.832| authenticateValidateUser: Validated Auth_user
>> > request '0x189cc30'.
>> > 2009/09/05 23:56:30.832| authenticateValidateUser: Validated Auth_user
>> > request '0x189cc30'.
>> > FATAL: Received Segment Violation...dying.
>> >
>> > As you see plUexception is failling , this acl is declared as next:
>> >
>> > plUexception acl auth user1
>> >
>> >
>> > I wonder if anyone knows how to fix it.
>>
>> Segment violation crashes require a code fix.  What release of Squid is
>> this?
>>
>> ... and can you get any stack trace info?
>>
>> http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e6
>> 7911becaabb8c95a34d576d
>>
>>
>> Amos
>>
> We are about to make stack trace,
> but sys admins is worry about diskspace, aproxy, how many diskspace we need
> for disktrace
>
> right know we have 44Gb free, is this enough?
>
> TIA
>

44 GB is plenty. You need something like your processes' actual
memory usage at the time of the crash for each crash trace. You can
turn on and off the tracing rapidly - you configure a directory for
the dumps in the suqid.conf, but set permissions on the directory so
that the Squid user can't write there, and nothing comes out. Then
set permissions on, wait for a crash or a few crashes, turn
permissions off again.

With 44 GB general range of available diskspace I had very balky
versions of Squid doing multi-day all crash dump capture without
exhausting the space available. You don't want to just turn it on and
ignore it - it will eventually fill up - but that should be multiple
days worth, even if it crashes a lot for Squid.

-- 
-george william herbert
george.herbert_at_gmail.com