[squid-users] Squid display garbage character.

Willsz.net Support willsznet at gmail.com
Sun May 27 07:20:15 UTC 2018 

> This display happens when the browser is being told the response object
> is or one type (eg HTML/XML text), but it is actually binary content (eg
> an image, or compressed object). Usually when fetching the main HTML
> index object, images, or video content - things which are displayed
> directly to the user.
> 
> 
> It usually occurs because:
> 
> A) an admin forces things to be cached by a proxy and served from cache
> despite instructions from the website author on the HTTP response that
> caching is not permitted for that object.
>   - check your squid.conf for any refresh_pattern directives with
> override-* or ignore-* options which might be forcing things to be
> cached when they are not supposed to. BE VERY careful and conservative
> with your use of regex patterns.
>   - current Squid versions "squid -k parse" command should provide you
> nice loud WARNING messages about any of these options if it is possibly
> going to cause the types of issue you can see. The text will mention
> violating HTTP and you being responsible for the issues cased (if any).

Thank you, Amos

Not much modification in my Squid.conf, this output of squid -k parse:

root:~# squid -k parse
2018/05/27 13:53:42| Startup: Initializing Authentication Schemes ...
2018/05/27 13:53:42| Startup: Initialized Authentication Scheme 'basic'
2018/05/27 13:53:42| Startup: Initialized Authentication Scheme 'digest'
2018/05/27 13:53:42| Startup: Initialized Authentication Scheme 'ntlm'
2018/05/27 13:53:42| Startup: Initialized Authentication.
2018/05/27 13:53:42| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2018/05/27 13:53:42| Processing: acl proxyserv dst 192.168.100.250
2018/05/27 13:53:42| Processing: acl pccl03  src 192.168.100.3/32
2018/05/27 13:53:42| Processing: acl pccl04  src 192.168.100.4/32
2018/05/27 13:53:42| Processing: acl pccl05  src 192.168.100.5/32
2018/05/27 13:53:42| Processing: acl pccl08  src 192.168.100.8/32
2018/05/27 13:53:42| Processing: acl pccl22  src 192.168.100.22/32
2018/05/27 13:53:42| Processing: acl pccl23  src 192.168.100.23/32
2018/05/27 13:53:42| Processing: acl pccl24  src 192.168.100.24/32
2018/05/27 13:53:42| Processing: acl pccl25  src 192.168.100.25/32
2018/05/27 13:53:42| Processing: acl pccl26  src 192.168.100.26/32
2018/05/27 13:53:42| Processing: acl tvbox   src 192.168.100.50/32
2018/05/27 13:53:42| Processing: acl wicl80  src 192.168.100.80/32
2018/05/27 13:53:42| Processing: acl wicl81  src 192.168.100.81/32
2018/05/27 13:53:42| Processing: acl wicl82  src 192.168.100.82/32
2018/05/27 13:53:42| Processing: acl wicl83  src 192.168.100.83/32
2018/05/27 13:53:42| Processing: acl wicl84  src 192.168.100.84/32
2018/05/27 13:53:42| Processing: acl wicl85  src 192.168.100.85/32
2018/05/27 13:53:42| Processing: acl wicl86  src 192.168.100.86/32
2018/05/27 13:53:42| Processing: acl wicl87  src 192.168.100.87/32
2018/05/27 13:53:42| Processing: acl wicl88  src 192.168.100.88/32
2018/05/27 13:53:42| Processing: acl wicl89  src 192.168.100.89/32
2018/05/27 13:53:42| Processing: acl wicl90  src 192.168.100.90/32
2018/05/27 13:53:42| Processing: acl wicl91  src 192.168.100.91/32
2018/05/27 13:53:42| Processing: acl wicl92  src 192.168.100.92/32
2018/05/27 13:53:42| Processing: acl wicl93  src 192.168.100.93/32
2018/05/27 13:53:42| Processing: acl wicl94  src 192.168.100.94/32
2018/05/27 13:53:42| Processing: acl wicl95  src 192.168.100.95/32
2018/05/27 13:53:42| Processing: acl wicl96  src 192.168.100.96/32
2018/05/27 13:53:42| Processing: acl wicl97  src 192.168.100.97/32
2018/05/27 13:53:42| Processing: acl wicl98  src 192.168.100.98/32
2018/05/27 13:53:42| Processing: acl wicl99  src 192.168.100.99/32
2018/05/27 13:53:42| Processing: acl pcbill  src 192.168.100.100/32
2018/05/27 13:53:42| Processing: acl pchome  src 192.168.100.101/32
2018/05/27 13:53:42| Processing: acl domaindeny dstdom_regex -i "/usr/local/etc/squid/domain.deny"
2018/05/27 13:53:42| Processing: acl domainrdr dstdom_regex -i "/usr/local/etc/squid/domain.rdr"
2018/05/27 13:53:42| Processing: acl ipaddrdeny dst -n "/usr/local/etc/squid/ipaddr.deny"
2018/05/27 13:53:42| Processing: acl urlpathdeny urlpath_regex -i "/usr/local/etc/squid/urlpath.deny"
2018/05/27 13:53:42| Processing: acl windowsupdate dstdom_regex -i download\.windowsupdate\.com
2018/05/27 13:53:42| Processing: acl domainnocache dstdomain .garenanow.com .garena.co.id
2018/05/27 13:53:42| Processing: deny_info 302:http://ip.fo-ont-lo.willsz.net/null.png ipaddrdeny domaindeny urlpathdeny windowsupdate
2018/05/27 13:53:42| Processing: deny_info 302:http://unyil.willsz.net/index.html domainrdr
2018/05/27 13:53:42| Processing: always_direct allow domainnocache
2018/05/27 13:53:42| Processing: cache deny domainnocache
2018/05/27 13:53:42| Processing: acl SSL_ports port 443
2018/05/27 13:53:42| Processing: acl Safe_ports port 80
2018/05/27 13:53:42| Processing: acl Safe_ports port 8080
2018/05/27 13:53:42| Processing: acl Safe_ports port 8081
2018/05/27 13:53:42| Processing: acl CONNECT method CONNECT
2018/05/27 13:53:42| Processing: http_access deny !Safe_ports
2018/05/27 13:53:42| Processing: http_access deny CONNECT !SSL_ports
2018/05/27 13:53:42| Processing: http_access deny domaindeny
2018/05/27 13:53:42| Processing: http_access deny domainrdr
2018/05/27 13:53:42| Processing: http_access deny ipaddrdeny
2018/05/27 13:53:42| Processing: http_access deny urlpathdeny
2018/05/27 13:53:42| Processing: http_access allow wicl80 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl81 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl82 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl83 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl84 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl85 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl86 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl87 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl88 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl89 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl90 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl91 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl92 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl93 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl94 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl95 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl96 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl97 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl98 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow wicl99 windowsupdate
2018/05/27 13:53:42| Processing: http_access allow pcbill windowsupdate
2018/05/27 13:53:42| Processing: http_access deny windowsupdate
2018/05/27 13:53:42| Processing: http_access allow proxyserv
2018/05/27 13:53:42| Processing: http_access allow pccl03
2018/05/27 13:53:42| Processing: http_access allow pccl04
2018/05/27 13:53:42| Processing: http_access allow pccl05
2018/05/27 13:53:42| Processing: http_access allow pccl08
2018/05/27 13:53:42| Processing: http_access allow pccl22
2018/05/27 13:53:42| Processing: http_access allow pccl23
2018/05/27 13:53:42| Processing: http_access allow pccl24
2018/05/27 13:53:42| Processing: http_access allow pccl25
2018/05/27 13:53:42| Processing: http_access allow pccl26
2018/05/27 13:53:42| Processing: http_access allow tvbox
2018/05/27 13:53:42| Processing: http_access allow wicl80
2018/05/27 13:53:42| Processing: http_access allow wicl81
2018/05/27 13:53:42| Processing: http_access allow wicl82
2018/05/27 13:53:42| Processing: http_access allow wicl83
2018/05/27 13:53:42| Processing: http_access allow wicl84
2018/05/27 13:53:42| Processing: http_access allow wicl85
2018/05/27 13:53:42| Processing: http_access allow wicl86
2018/05/27 13:53:42| Processing: http_access allow wicl87
2018/05/27 13:53:42| Processing: http_access allow wicl88
2018/05/27 13:53:42| Processing: http_access allow wicl89
2018/05/27 13:53:42| Processing: http_access allow wicl90
2018/05/27 13:53:42| Processing: http_access allow wicl91
2018/05/27 13:53:42| Processing: http_access allow wicl92
2018/05/27 13:53:42| Processing: http_access allow wicl93
2018/05/27 13:53:42| Processing: http_access allow wicl94
2018/05/27 13:53:42| Processing: http_access allow wicl95
2018/05/27 13:53:42| Processing: http_access allow wicl96
2018/05/27 13:53:42| Processing: http_access allow wicl97
2018/05/27 13:53:42| Processing: http_access allow wicl98
2018/05/27 13:53:42| Processing: http_access allow wicl99
2018/05/27 13:53:42| Processing: http_access allow pcbill
2018/05/27 13:53:42| Processing: http_access allow pchome
2018/05/27 13:53:42| Processing: http_access deny all
2018/05/27 13:53:42| Processing: always_direct deny all
2018/05/27 13:53:42| Processing: icp_port 0
2018/05/27 13:53:42| Processing: icp_access deny all
2018/05/27 13:53:42| Processing: http_port 127.0.0.1:3128
2018/05/27 13:53:42| Processing: http_port 192.168.100.250:7080 transparent
2018/05/27 13:53:42| Starting Authentication on port 192.168.100.250:7080
2018/05/27 13:53:42| Disabling Authentication on port 192.168.100.250:7080 (interception enabled)
2018/05/27 13:53:42| Processing: cache_mem 32 MB
2018/05/27 13:53:42| Processing: cache_swap_low 90
2018/05/27 13:53:42| Processing: cache_swap_high 95
2018/05/27 13:53:42| Processing: cache_dir ufs /var/cache/squid 2048 16 256
2018/05/27 13:53:42| Processing: store_dir_select_algorithm round-robin
2018/05/27 13:53:42| Processing: access_log daemon:/var/log/squid/access.log squid
2018/05/27 13:53:42| Processing: cache_log /var/log/squid/cache.log
2018/05/27 13:53:42| Processing: cache_store_log none
2018/05/27 13:53:42| Processing: pid_filename /var/run/squid.pid
2018/05/27 13:53:42| Processing: logfile_rotate 1
2018/05/27 13:53:42| Processing: log_icp_queries off
2018/05/27 13:53:42| Processing: buffered_logs off
2018/05/27 13:53:42| Processing: minimum_object_size 0 KB
2018/05/27 13:53:42| Processing: maximum_object_size 10 MB
2018/05/27 13:53:42| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
2018/05/27 13:53:42| Processing: refresh_pattern .       0   100% 10080
2018/05/27 13:53:42| Processing: memory_replacement_policy heap GDSF
2018/05/27 13:53:42| Processing: cache_replacement_policy heap LFUDA
2018/05/27 13:53:42| Processing: shutdown_lifetime 5 seconds
2018/05/27 13:53:42| Processing: half_closed_clients off
2018/05/27 13:53:42| Processing: client_persistent_connections off
2018/05/27 13:53:42| Processing: server_persistent_connections on
2018/05/27 13:53:42| Processing: pconn_timeout 15 seconds
2018/05/27 13:53:42| Processing: request_timeout 1 minute
2018/05/27 13:53:42| Processing: tcp_outgoing_tos 0x30 all
2018/05/27 13:53:42| Processing: retry_on_error on
2018/05/27 13:53:42| Processing: buffered_logs on
2018/05/27 13:53:42| Processing: global_internal_static off
2018/05/27 13:53:42| Processing: max_stale 10 years
2018/05/27 13:53:42| Processing: quick_abort_min -1 KB
2018/05/27 13:53:42| Processing: vary_ignore_expire on
2018/05/27 13:53:42| Processing: ie_refresh on
2018/05/27 13:53:42| Processing: cache_mgr cachemaster at willsz.net
2018/05/27 13:53:42| Processing: visible_hostname ip.proxy-cache.willsz.net
2018/05/27 13:53:42| Processing: cache_effective_user squid
2018/05/27 13:53:42| Processing: cache_effective_group squid
2018/05/27 13:53:42| Processing: check_hostnames on
2018/05/27 13:53:42| Processing: dns_retransmit_interval 2 seconds
2018/05/27 13:53:42| Processing: dns_timeout 1 minutes
2018/05/27 13:53:42| Processing: memory_pools off
2018/05/27 13:53:42| Processing: forwarded_for off
2018/05/27 13:53:42| Processing: client_persistent_connections on
2018/05/27 13:53:42| Processing: coredump_dir /tmp
2018/05/27 13:53:42| Processing: httpd_suppress_version_string on
  
> B) the web server is not sending Vary headers consistently and the proxy
> cache ends up thinking that a compressed object is possible to be sent
> to clients only accepting plain-text objects.
>  - this one there is not much you can do except to prevent these
> particular URLs not to be cashed by your own proxy.
> Both cases result in the client sometimes displaying binary octets as if
> they were plain text, as you can see in that demo image. More often they
> occur with scripts and nothing gets displayed - just parts of the
> website dont work properly (no scrolling, missing content, or
> unclickable buttons, etc).
 
I am more suspicious because of this, many of gambling site hosting will get the same problem.
I tested for http://www.bolaliga88.com/ with the same result https://redbot.org/?uri=http%3A%2F%2Fwww.bolaliga88.com%2F  
 
> The tool at
> (<https://redbot.org/?descend=True&uri=http://www.cintapoker88.com/&check_nam
> e=default>)
> indicates that some (but only a very few) of the javascripts being used
> by that website have Vary header issues. The images pulled from Imgur
> have some serious problems
> 
> So it depends on exactly which URL(s) you are having trouble with. You
> can plug them into that redbot tool to get an analysis of particular URL.
> 
> 
> Also, it would help to know which Squid version you are using and which
> OS distro you use it on. If you are unsure of your regex_pattern rules
> please post your squid.conf and we can assist pointing out any
> unsuspected issues there.

Sorry, I forgot for this. I compile squid from source under FreeBSD. 

root:~# uname -mrs
FreeBSD 10.4-STABLE i386

root:~# squid -v
Squid Cache: Version 3.5.27
Service Name: squid
configure options:  '--prefix=/usr/local' '--datadir=/usr/local/etc/squid' '--includedir=/usr/local/include' '--bindir=/usr/local/sbin' '--libexecdir=/usr/local/libexec/squid' '--sysconfdir=/usr/local/etc/squid' '--with-default-user=squid' '--localstatedir=/var/cache/squid' '--libdir=/usr/local/lib' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-swapdir=/var/cache/squid' '--without-gnutls' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru,heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--mandir=/usr/local/man' '--infodir=/usr/local/info' '--disable-wccp' '--disable-wccpv2' '--enable-ipfw-transparent' '--with-large-files' '--disable-htcp' '--disable-eui' '--enable-cachemgr-hostname=ip.proxy-cache.willsz.net' '--disable-auth-negotiate' '--without-mit-krb5' '--without-heimdal-krb5'

Thank you for explanation, Amos.

More information about the squid-users mailing list