Re: [squid-users] Squid3 reverse proxy & Failed to select source strange errors

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 24 Nov 2009 02:08:01 +1300

David B. wrote:
> Hi Squid users,
>
> We're using squid3 as a reverse proxy on several boxes and he's working
> quite well.
>
> Squid configuration is quite simple :
> cache_peer X.X.X.X parent 80 0 no-query originserver no-digest
> cache_peer Y.Y.Y.Y parent 80 0 no-query originserver no-digest
>
> cache_peer_domain X.X.X.X static.myhost1.com
> cache_peer_domain Y.Y.Y.Y static.myhost2.com
>
> So squid deliver static content and ONLY get missing files from backend
> with cache_peer.
>
> But sometimes (several times a day), i got some stange errors from
> cache.log.
> It seems that squid is trying to contact servers that are not in
> cache_peer list with domain name that I should not handle any request !.
>
> Exemple :
> 2009/11/23 08:36:28| Failed to select source for
> 'http://img43.imageshack.us/img43/416/greysanatomypromotional.jpg'
> 2009/11/23 08:36:28| always_direct = 0
> 2009/11/23 08:36:28| never_direct = 0
> 2009/11/23 08:36:28| timedout = 0
> [snip]
> 2009/11/23 11:02:26| Failed to select source for
> 'http://pagead2.googlesyndication.com/pagead/show_ads.js'
> 2009/11/23 11:02:26| always_direct = 0
> 2009/11/23 11:02:26| never_direct = 0
> 2009/11/23 11:02:26| timedout = 0
>
> I'm not imageshack or google. :)
>

Normal website attacks.

One of the benefits of using Squid is to prevent these resource wasters
getting near the backend processors. "Failed to select source" is good
news.

You might also want to occasionally scan the access.log to see if any
foreign requests do get through (2xx or 3xx status). If any do you have
a problem, otherwise everything is fine.

NP: If you see many of these attacks (or a few regularly) and can log
the sources there are services around for back-tracking and killing off
the attack sources. I administrate one such and am always seeking
reliable data sources.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
Received on Mon Nov 23 2009 - 13:08:08 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 23 2009 - 12:00:04 MST