Re: [squid-users] simplest way to block (and drop) 1 'user'(computer) using 1 specific 'URL' ??

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 11 Feb 2011 17:50:25 +1300

On 11/02/11 17:22, Linda Walsh wrote:
>
> I purchased a little toaster-sized HP home-server that I haven't fully made
> use of, but that does have an annoying feature. It's **constantly** sending
> messages to a ms-server. Maybe it's some sort of I'm alive pulse, but it's
> annoyingly filling up my squidlog, and always using up/interrupting
> normal traffic in __minor__ amounts as it constantly does an HTTP
> version of
> a ping that runs *almost* all the time.
>
> Here's a snippet from a 'cooked' log format I use to give me a quick
> view into what's going w/squid:
> +0.19 182ms; ln=1579 (8.5K/8.4K) TCP_MISS/403 <Home-Server [POST
> http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
> HIER_DIRECT/sqm.microsoft.com text/html ]
> +0.18 173ms; ln=1579 (8.9K/8.9K) TCP_MISS/403 <Home-Server [POST
> http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
> HIER_DIRECT/sqm.microsoft.com text/html ]
> +0.17 164ms; ln=1579 (9.4K/9.3K) TCP_MISS/403 <Home-Server [POST
> http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
> HIER_DIRECT/sqm.microsoft.com text/html ]
> +0.20 191ms; ln=1579 (8.1K/8.0K) TCP_MISS/403 <Home-Server [POST
> http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
> HIER_DIRECT/sqm.microsoft.com text/html ]
> +0.15 145ms; ln=1579 (10.6K/10.5K) TCP_MISS/403 <Home-Server [POST
> http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
> HIER_DIRECT/sqm.microsoft.com text/html ]
> -------
>
> It just keeps going like this -- occasionally it will stop for a few minutes,
> but most of the time it's doing these little several-K requests.
> Is there an easy way in squid to say "if requester='home-server' and
> request address = 'http://sqm.microsoft.com/sqm/Windows/sqmserver.dll',
> then DROP the request (and issue nothing in the log)".
>
> There are more crude methods of shutting up, like one time, since it is
> going through the proxy-server to get to the outside world, I just threw
> in an ipchains rule to ignore it altogether. Fast, but a bit crude. I
> don't want to cut off all internet access -- just that one, constant
> droning request that just goes on and on...(filling logs, but most of
> all, always reducing my full bandwidth)...
>
> What a pain in the butt!
>
> Talk about products that 'phone home'....This one whines to home about 5
> times/second! LAME!
>
> I currently have no other filtering going on in my squid files, so I'm
> not really sure where to start. Do I need to write an external helper
> and filter all traffic through it? That sounds like overkill -- and I'd
> really not wish to slow down traffic from other stations -- I already
> get too many 'sorry but your browser is configured to use a proxy which
> is not responding' messages, now, as it is -- and ***I'M THE ONLY
> USER!!!***... (very sad when 1 user can overwhelm a proxy server
> designed to handle hundreds (if not thousands) of users... But that's
> a question for another day (like after I've pulled the latest source and
> tried it to see if it is fixed...;-))....
>

That 403 is Squid or something upstream blocking the requests. So the
speed of calls is likely due to badly programmed retries.

You could block this in Squid with:
   acl SQM dstdomain sqm.microsoft.com
   http_access deny SQM

and prevent logging of its requests with
   access_log none SQM

But neither of those will help with the bandwidth consumption between
Squid and the problem box. Likely only finding out the cause of the
call-home and killing it will do that.

These may help with the latter:

http://www.neowin.net/forum/topic/439244-what-are-these-sqm-files/page__st__30__p__589093549#entry589093549

http://www.neowin.net/forum/topic/439244-what-are-these-sqm-files/page__st__30__p__588689642#entry588689642

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.4
Received on Fri Feb 11 2011 - 04:50:31 MST
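
Added example, not part of the original message: a squid.conf fragment that narrows the deny and the log suppression to the one client and the one URL named in the question, rather than to every client requesting that domain. The client address 192.168.1.50 is a constructed placeholder for the Home-Server; the host and path are taken from the quoted log lines.

```squidconf
# Added example, not from the original thread.
# ASSUMPTION: 192.168.1.50 is the Home-Server's LAN address (constructed value).
acl homeserver src 192.168.1.50

# Host and path as they appear in the quoted log lines.
acl SQM dstdomain sqm.microsoft.com
acl SQMpath urlpath_regex ^/sqm/Windows/sqmserver\.dll

# ACLs on one line are ANDed: only this client, this host and this path match.
# Must appear before any "http_access allow" rule that would admit the client.
http_access deny homeserver SQM SQMpath

# deny_info is keyed on the last ACL of the deny line (SQMpath here).
# TCP_RESET closes the connection instead of returning the 403 error page.
deny_info TCP_RESET SQMpath

# Skip logging for the same match. Must appear before the regular
# access_log line, otherwise that line logs the request first.
access_log none homeserver SQM SQMpath
```

The client still sends every POST to Squid, so this trims the response and the log noise but does not stop the traffic at its source.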