Re: [squid-users] D

From: Loc BLOT <>
Date: Fri, 19 Apr 2013 18:56:21 +0200

Here i have'nt any error in my cache.log
I think squid must warn when he tries to apply a second http_port
directive on a already configured port (a little map like std::map
squid_tcp_modes with squid_tcp_modes[3128] = 0/1/2 (normal, transparent,
intercept could resolve the problem by registering current loaded
http_port directives) Then the configuration mistake cannot be possible.

For the DoS problem when i use http_port 3128 transparent only, it's
right that squid is started and all his child but he refuses all

Best regards,
Loïc BLOT, 
UNIX systems, security and network expert
Le vendredi 19 avril 2013 à 10:15 -0600, Alex Rousskov a écrit :
> On 04/19/2013 09:10 AM, Amos Jeffries wrote:
> >> * Squid must refuse configuration when same http_ports are declared with
> >> different modes
> > You wish your live production server to cease service completely [...]
> > if you make a small configuration mistake?
> Many admins do, and rightfully so: Squid cannot determine whether wrong
> http_ports are a "small" mistake or a "huge" one. Or, from a different
> angle, whether not serving traffic correctly is better than not serving
> traffic at all.
> Besides, at the time the admin runs "squid" or "service start squid",
> that Squid instance is not providing any service so the "cease service"
> argument above can only be applied to REconfiguration. At
> reconfiguration time, the right action upon detecting a problem is
> probably to do nothing (rather than ignore the problem in one area and
> reconfigure the rest of Squid as if all areas are independent). Today,
> Squid cannot validate configurations without applying them, but that
> should be the goal IMHO.
> Errors in cache.log are useful for determining the cause of startup
> failure. They are not very useful for _detecting_ a problem if Squid
> seems to start OK because, in part, few admins look at cache.log after
> what looks like a successful start ("service squid start" may not show
> the log) and, in part, because our cache.log is often too noisy for a
> casual observer to see useful information.
> $0.02,
> Alex.

Received on Fri Apr 19 2013 - 16:51:05 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 19 2013 - 12:00:06 MDT