Re: [squid-users] Squid + Squidguard loaded but not filtering anything from Amos Jeffries on 2010-09-17 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 17 Sep 2010 23:26:05 +1200

On 17/09/10 21:06, Babelo Gmvsdm wrote:
>
> Hi,
> I have a very strange behaviour with squid today.It loads normaly:
> root 2308 0.0 0.0 8164 1940 ? Ss 10:53 0:00 /usr/sbin/squid3 -YC -f /etc/squid3/squid.confproxy 2310 2.8 0.7 38740 15580 ? S 10:53 0:00 (squid) -YC -f /etc/squid3/squid.confproxy 2312 1.2 0.2 6688 4540 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2313 0.8 0.2 6688 4544 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2314 1.0 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2315 1.0 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2316 1.0 0.2 6684 4536 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2317 1.0 0.2 6684 4536 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2318 1.2 0.2 6684 4536 ? S 10:53 0:00 (s
quidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2319 1.2 0.2 6684 4536 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2320 1.0 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2321 1.0 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2322 1.2 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2323 1.6 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2324 1.2 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2325 1.2 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2326 1.4 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard
.confproxy 2327 1.4 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2328 1.2 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2329 1.2 0.2 6684 4532 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2330 1.4 0.2 6684 4536 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.confproxy 2331 1.0 0.2 6684 4536 ? S 10:53 0:00 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
> I checked my iptables and it seems so be ok:
> DNAT tcp -- anywhere anywhere tcp dpt:www to:10.2.3.2:3128
> Squid seems to load ok:
> 2010/09/17 10:53:24| Creating Swap Directories2010/09/17 10:53:24| Starting Squid Cache version 3.1.2 for i486-pc-linux-gnu...2010/09/17 10:53:24| Process ID 23102010/09/17 10:53:24| With 65535 file descriptors available2010/09/17 10:53:24| Initializing IP Cache...2010/09/17 10:53:24| DNS Socket created at [::], FD 72010/09/17 10:53:24| Adding nameserver 1.2.3.4 from /etc/resolv.conf2010/09/17 10:53:24| Adding nameserver 1.2.3.5 /etc/resolv.conf2010/09/17 10:53:24| helperOpenServers: Starting 20/20 'squidGuard' processes2010/09/17 10:53:25| Unlinkd pipe opened on FD 522010/09/17 10:53:25| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec2010/09/17 10:53:25| Store logging disabled2010/09/17 10:53:25| Swap maxSize 0 + 262144 KB, estimated 20164 objects2010/09/17 10:53:25| Target number of buckets: 10082010/09/17 10:53:25| Using 8192 Store buckets2010/09/17 10:53:25| Max Mem size: 262144 KB2010/09/17 10:53:25| Max Swap size: 0 KB2010/09/17 10:53:25| Using Leas
t Load store dir selection2010/09/17 10:53:25| Set Current Directory to /var/spool/squid32010/09/17 10:53:25| Loaded Icons.2010/09/17 10:53:25| Accepting intercepted HTTP connections at 0.0.0.0:3128, FD 53.2010/09/17 10:53:25| Accepting ICP messages at [::]:3130, FD 54.2010/09/17 10:53:25| HTCP Disabled.2010/09/17 10:53:25| Squid modules loaded: 02010/09/17 10:53:25| Adaptation support is off.2010/09/17 10:53:25| Ready to serve requests.2010/09/17 10:53:26| storeLateRelease: released 0 objects
> But it let pass everything, the squidGuard blacklists are totally bypassed.
> Please help
> Cheers
> Herc.
>

(Something weird happened to the wrap.)

Do you have any evidence that the requests are arriving at squidGuard or
what its doing with them?

PS: please upgrade to 3.1.8 as soon as possible there are several major
security problems resolved since your version was released.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2

Received on Fri Sep 17 2010 - 11:26:10 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 17 2010 - 12:00:03 MDT