Re: [squid-users] Squid3 issues

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 20 Mar 2010 13:24:46 +1300

Adam_at_Gmail wrote:
> Hi Amos,
> Thanks again for your reply, I have tried these two links, I have used
> them for one server at a time, or maybe the issue is that I was trying
> to access the backend Server which is currently running in virtualhost
> mode and holds the 3 websites.
>
> As I said before I have completely uninstalled the previous Squid, I
> reinstalled it again this time, configured it and compiled it (manually)
> I had some issues with permissions, first the cache logs and then the
> swap file directory but it's all sorted.
> Now whenever I start Squid with
> Squid -NCd 10
> I check if everything is running ok, so I get this warning:
>
> ClientParseRequestMethod: Unsupported method attempted by : 111.118.144.225
> This is not a bug. see Squid.conf extension methods
> ClientProcess Invalid Request.

The line above (or maybe below) should indicate what request method was
used. If it looks like garbage it is not HTTP.
  This is caused commonly by apps which send their non-HTTP stuff
through port 80.
  Or, by overly wide DNAT / interception rules grabbing non-80 ports and
pushing their data into Squid.

>
> Let me just point out that first I have no idea where this IP originates
> from, I tried Dnsstuff to figure out where it's coming from, I am not
> sure if it's a Google crawler or someone else, the information wasn't
> clear.

Well, it is probably coming from outside your network and being sent to
your Squid.

> But it's definitely not one of my IPs
> Second, the proxy at the moment is behind a router and is not connected
> to any of "Local" clients yet, I wanted to run it first before I can
> connect it as a "Proxy-Router"
> How can I prevent this from accessing it because it's persisting
> connection it will soon cripple the server.
>
> Does anyone know who owns this IP address please? 111.118.144.225
>

The whois tool is a first step to finding out:

  whois 111.118.144.225

I won't publish their contact details here, but the whois command will
show them to you if you really need them. It's one of their customers
probably.

> All I got as info is this
> Location: Cambodia [City: Phnom Penh, Phnum Penh]
> Maybe I need to block their IP if I can.
> At the moment the proxy server is set as a standalone machine connected
> through a router so I can't understand why is it getting these
> requests, from outside. Any ideas please?

Firstly, check your firewall rules that public traffic really is not
being explicitly sent to the proxy yet.

If you can confirm that it really should not, add an iptables rule to
DROP packets coming from it before they go anywhere.

Maybe you face an attack or an infected/insecure machine already on your
network. Either way it's worth finding out more about what that IP is/was
doing and why.

Amos

Amos wrote:
>
>> Adam_at_Gmail wrote:
>>> Hi Amos,
>>> Thanks for your comments, All I was doing is hit reply, this is the
>>> very first time ever I used any mailing list
>>> It doesn't matter anymore, I am sorry if I offended anyone, it was
>>> not my intention, when I get an email I simply hit reply
>>> I will try and solve my problems, and if I do get it to work I will
>>> certainly post the solution for future users who might face the same
>>> problem
>>>
>>> As for now, I just want to thank you all
>>>
>>> I have previously installed an older version of Squid compiled it
>>> manually it wasn't the one packaged with the OS (Ubuntu hardy)
>>> after few days trying to get it to work, I mean as a reverse proxy,
>>> with no luck, I removed it, tried the version 3.0 the one that was
>>> packaged with the Os, I got as far as allowing clients on my network
>>> to have access to the internet and most of other applications on
>>> windows XP couldn't connect.
>>
>> Windows apps sadly often have to be individually configured for the
>> proxy. A lot are not able to use proxies at all.
>>
>> For the MS software on WindowsXP, set the IE "Internet Options" then
>> at the command line run "proxycfg -u".
>> That proxycfg -u seems trivial, but it is seriously important for
>> Windows XP or a lot of HTTP service stuff in the background will not
>> work even with IE set correctly.
>> Also worth noting is that proxy auto-detect is not done by several of
>> the back-end libraries either. Including windows update :(
>>
>>>
>>> anyway this time around I have downloaded it again configured it
>>> compiled it and installed it, it's not starting but this is a minor
>>> problem, it's a permission issue rather than anything else.
>>>
>>> I just want to say, thank you all, If I do get it to work I will post
>>> the solution as promised if not that means I have moved on and no
>>> longer using Squid3.
>>>
>>> I will break it down for others to see and it will hopefully help
>>> others:
>>>
>>> Here it is:
>>>
>>> 1) Machine A Proxy-Router
>>> 2) Machine DSN DHCP
>>> 3) Web-server One www.example.com
>>> 4) Web-server Two www.example.org
>>> 5) Web-server Three www.example.net
>>> 6) IRC-server / Digichat server
>>> Plus 5 Windows clients
>>>
>>> I wanted a proxy server in the for two good reasons, one is for
>>> loadbalancing and second for an extra layer of security
>>> Currently I have all of the three websites above running on a single
>>> machine on a virtualhosts, but it's too much for one machine to
>>> handle all the requests.
>>>
>>> I always wanted to use a proxy server but I was putting it off.
>>> a) I knew it was going to be a challenge
>>> b) I was trying to get sometime off in order to do it properly
>>> Basically all I wanted for now is to forward all requests to the
>>> relevant backend servers, to which I knew it was going to be a challenge
>>
>>
>> The "IRC-server / Digichat server" may not be proxy-able at all
>> through Squid. It depends if they use HTTP services, or if they are
>> accessible via HTTP.
>>
>>
>> For the reverse proxying of your websites:
>> pick one of the web servers to start with and this is the wiki
>> article you need for that website:
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>
>> Note, the config settings must be going in above all the default
>> http_access lines currently in your config. The default http_access
>> are for forward-proxy and will block external access.
>>
>> Then when that's tested and working, this config describes what to add
>> to the above to get multiple websites from multiple servers:
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
>>
>>
>> At this point or even with just one server setup you may hit the FD
>> overload problem again.
>>
>> Why: Squid uses 2-3 FD for every request (client, cache file, and
>> maybe server connections) and clients like making 4-16 requests in
>> parallel each these days and make them persistent for many minutes
>> at a stretch. FD run out fast.
>> For reverse-proxies on a fairly used site it may be a good idea to
>> have many FD available to Squid (64K or even 128K has been cited as
>> needed).
>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
>> Current Beta Squid 3.1.0.18
>

Received on Sat Mar 20 2010 - 00:24:54 MDT
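
The triage suggested in the reply above (read the request logged next to each "Unsupported method" warning and see whether it is HTTP at all), as an added example that is not part of the original thread or of Squid itself. The log excerpt is constructed, and the format of the line that quotes the request is an assumption; `192.0.2.77`, `XSYNC` and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed cache.log excerpt modelled on the warning quoted in the thread.
# Assumption: a neighbouring line quotes the request; adjust REQ_RE to your log.
SAMPLE_LOG = """\
2010/03/20 00:10:01| clientParseRequestMethod: Unsupported method attempted by 111.118.144.225: This is not a bug. see squid.conf extension_methods
2010/03/20 00:10:01| clientParseRequestMethod: Unsupported method in request '\x16\x03\x01\x02'
2010/03/20 00:10:07| clientParseRequestMethod: Unsupported method attempted by 111.118.144.225: This is not a bug. see squid.conf extension_methods
2010/03/20 00:10:07| clientParseRequestMethod: Unsupported method in request 'NICK guest4411'
2010/03/20 00:11:30| clientParseRequestMethod: Unsupported method attempted by 192.0.2.77: This is not a bug. see squid.conf extension_methods
2010/03/20 00:11:30| clientParseRequestMethod: Unsupported method in request 'XSYNC /feed HTTP/1.1'
"""

WARN_RE = re.compile(r"Unsupported method attempted by\s*:?\s*(\d{1,3}(?:\.\d{1,3}){3})", re.I)
REQ_RE = re.compile(r"Unsupported method in request '(.*)'\s*$", re.I)
HTTP_LINE_RE = re.compile(r"^[A-Z][A-Z0-9_-]* \S+ HTTP/\d\.\d$")

def classify(request):
    """'http-extension' for a well-formed HTTP request line, else 'not-http'."""
    return "http-extension" if HTTP_LINE_RE.match(request) else "not-http"

def triage(log_text):
    """Return {client_ip: {'not-http': n, 'http-extension': n, 'unknown': n}}."""
    counts = defaultdict(lambda: {"not-http": 0, "http-extension": 0, "unknown": 0})
    pending_ip = pending_req = None
    for line in log_text.split("\n"):
        warn, req = WARN_RE.search(line), REQ_RE.search(line)
        if warn and pending_req is not None:   # request was logged above the warning
            counts[warn.group(1)][classify(pending_req)] += 1
            pending_req = None
        elif warn:
            if pending_ip:                     # earlier warning had no request line
                counts[pending_ip]["unknown"] += 1
            pending_ip = warn.group(1)
        elif req and pending_ip:               # request was logged below the warning
            counts[pending_ip][classify(req.group(1))] += 1
            pending_ip = None
        elif req:
            pending_req = req.group(1)
    if pending_ip:
        counts[pending_ip]["unknown"] += 1
    return dict(counts)

def non_http_sources(log_text):  # sources to check against firewall/DNAT rules
    return sorted(ip for ip, c in triage(log_text).items() if c["not-http"])

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), non_http_sources(SAMPLE_LOG))
```

Sources reported as `not-http` are the ones to check against the firewall and DNAT rules before adding a DROP rule; `http-extension` entries are well-formed HTTP using a method Squid was not configured to accept.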