<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 20 February 2015 at 13:57, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">On 20/02/2015 10:09 p.m., Odhiambo Washington wrote:<br>
> On 20 February 2015 at 04:15, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br>
><br>
>> On 20/02/2015 5:15 a.m., Odhiambo Washington wrote:<br>
>>> On 19 February 2015 at 15:12, Odhiambo Washington <<a href="mailto:odhiambo@gmail.com">odhiambo@gmail.com</a>><br>
>>> wrote:<br>
>>><br>
>>>> Hi Amos,<br>
>>>><br>
>>>> I did see that thread. However, the discussion was still continuing<br>
>> then.<br>
>>>><br>
>>>><br>
>>>> I will apply it to my server and see.<br>
>>>><br>
>>>> Reporting back today!<br>
>>>><br>
>>>><br>
>>>><br>
>>>> On 19 February 2015 at 14:07, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
>> wrote:<br>
>>>><br>
>>>>> On 19/02/2015 10:49 p.m., Odhiambo Washington wrote:<br>
>>>>>> I have been hoping that 3.5.2 would possibly help address my problems<br>
>>>>> with<br>
>>>>>> ACLs, but alas!<br>
>>>>><br>
>>>>> Ah, I thought you saw this announcement made just after your last<br>
>>>>> message in Jan:<br>
>>>>><br>
>>>>> <<br>
>>>>><br>
>> <a href="http://lists.squid-cache.org/pipermail/squid-users/2015-January/001745.html" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/2015-January/001745.html</a><br>
>>>>>><br>
>>>>><br>
>>>>> Its sounds very much like what your last few threads have been<br>
>>>>> describing as happening. Signal handling issues will affect all the<br>
>>>>> squid -k operations.<br>
>>>>><br>
>>>>> Amos<br>
>>>>><br>
>>>><br>
>>><br>
>>> I have compiled a custom kernel after applying this patch mentioned in<br>
>> that<br>
>>> thread.<br>
>><br>
>> Er. There were two patches mentioned as being applied in the FreeBSD<br>
>> mail and bug reports.<br>
>><br>
>>><br>
>>> wash@mail:~$ uname -a<br>
>>> FreeBSD <a href="http://mail.ili.or.ug" target="_blank">mail.ili.or.ug</a> 10.1-RELEASE-p5 FreeBSD 10.1-RELEASE-p5 #4: Thu<br>
>> Feb<br>
>>> 19 16:55:56 EAT 2015 root@mail.ili.or.ug:/usr/obj/usr/src/sys<br>
>>> /BEASTIE-10.x amd64<br>
>>><br>
>>><br>
>>> However, my issues still persist.<br>
>>><br>
>>> root@mail:/opt # /opt/squid-3.5.2/sbin/squid -k reconfigure<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>> 2015/02/19 19:10:53.639| Acl.cc(380) ~ACL: freeing ACL<br>
>>><br>
>>><br>
>>> Would this then suggest there is a problem with my squid.conf<br>
>>> <<a href="http://pastebin.com/wwwcnHnF" target="_blank">http://pastebin.com/wwwcnHnF</a>> ?<br>
>>><br>
>>> Or the FreeBSD problem isn't quite solved?<br>
>>><br>
>><br>
>> Could you re-state what the problem is?<br>
>><br>
>> Now your pastebin is expired all we have on record about this problems<br>
>> is the sentence: "it's crashing with errors as seen from <DEAD URL>"<br>
>><br>
><br>
><br>
> Generally, Squid seems to partially ignore my time-based ACLS as seen in<br>
> the squid.conf<br>
><br>
<br>
</div></div>Oh. I thought you were talking about crashes still since you keep<br>
posting that -k reconfigure output (its odd, but only in that it should<br>
not be that visible).<br>
<div><div class="h5"><br>
<br>
<br>
> It would block one site but allow the others. I expect a standard blocking<br>
> within the specied time.<br>
><br>
> I have not been able to figure out why.<br>
><br>
> For instance, my ACL for TIMEWASTAGESITED contains .<a href="http://facebook.com" target="_blank">facebook.com</a>, .<a href="http://gmail.com" target="_blank">gmail.com</a><br>
> and .<a href="http://youtube.com" target="_blank">youtube.com</a> as dstdomains.<br>
><br>
> I find that <a href="http://youtube.com" target="_blank">youtube.com</a> is blocked while <a href="http://facebook.com" target="_blank">facebook.com</a> is not blocked. Both<br>
> should be blocked at this time (11:58)<br>
><br>
> root@mail:/opt/squid-3.5.2/etc # tail -f /usr/local/squid/logs/access.log |<br>
> grep DENIED<br>
> 1424422669.545 456 192.168.2.2 TCP_DENIED/403 4345 GET<br>
> <a href="http://youtube.com/" target="_blank">http://youtube.com/</a> - HIER_NONE/- text/html<br>
> 1424422671.910 1 192.168.2.2 TCP_DENIED/403 4291 GET<br>
> <a href="http://youtube.com/favicon.ico" target="_blank">http://youtube.com/favicon.ico</a> - HIER_NONE/- text/html<br>
><br>
> root@mail:/opt/squid-3.5.2/etc # tail -f /usr/local/squid/logs/access.log |<br>
> grep 192.168.2.2<br>
> 1424422669.545 456 192.168.2.2 TCP_DENIED/403 4345 GET<br>
> <a href="http://youtube.com/" target="_blank">http://youtube.com/</a> - HIER_NONE/- text/html<br>
> 1424422671.910 1 192.168.2.2 TCP_DENIED/403 4291 GET<br>
> <a href="http://youtube.com/favicon.ico" target="_blank">http://youtube.com/favicon.ico</a> - HIER_NONE/- text/html<br>
> 1424422710.537 863 192.168.2.2 TCP_MISS/400 372 POST<br>
> <a href="http://bench.utorrent.com/e?i=36" target="_blank">http://bench.utorrent.com/e?i=36</a> - ORIGINAL_DST/<a href="http://54.221.228.66" target="_blank">54.221.228.66</a> text/html<br>
> 1424422710.578 903 192.168.2.2 TCP_MISS/400 372 POST<br>
> <a href="http://bench.utorrent.com/e?i=36" target="_blank">http://bench.utorrent.com/e?i=36</a> - ORIGINAL_DST/<a href="http://54.197.243.221" target="_blank">54.197.243.221</a> text/html<br>
> 1424422755.202 1239 192.168.2.2 TCP_MISS/200 280 POST<br>
> <a href="http://bench.utorrent.com/e?i=20" target="_blank">http://bench.utorrent.com/e?i=20</a> - ORIGINAL_DST/<a href="http://54.243.183.178" target="_blank">54.243.183.178</a> text/html<br>
> 1424422756.602 846 192.168.2.2 TCP_MISS/200 1016 GET<br>
> <a href="http://cdn.ap.bittorrent.com/control/feature/tags/ut.json" target="_blank">http://cdn.ap.bittorrent.com/control/feature/tags/ut.json</a> - ORIGINAL_DST/<br>
> 54.230.128.<br>
> 193 application/json<br>
> 1424422895.279 593 192.168.2.2 TCP_MISS/404 1792 GET<br>
> <a href="http://www.gstatic.com/chrome/profile_avatars/NothingToDownload" target="_blank">http://www.gstatic.com/chrome/profile_avatars/NothingToDownload</a> -<br>
> ORIGINAL_DST/196.0<br>
> .3.114 text/html<br>
><br>
><br>
> The odd part:<br>
><br>
> While <a href="http://facebook.com" target="_blank">facebook.com</a> and <a href="http://gmail.com" target="_blank">gmail.com</a> are accessible, nothing appears at all in<br>
> the access.log and cache.log (debug mode) about them yet this is an<br>
> intercept proxy. The sites just load. No log enties:(<br>
<br>
</div></div>The browser is maybe ...<br>
- not using the proxy for them at all (QUIC or WebSockets protocol), or<br></blockquote><div><br></div><div>I am using Google Chrome on Windows. Pretty vanilla Chrome so that's not possible.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
- using a CONNECT tunnel which will only appear when its closed (HTTPS<br>
SPDY, HTTP/2), or<br>
- using a domain you dont have listed ("Google" services are actually<br>
*.<a href="http://1e100.net" target="_blank">1e100.net</a> and "Facebook" is actually *.<a href="http://fbcdn.net" target="_blank">fbcdn.net</a>).<br></blockquote><div><br></div><div> I see none of such entries in the logs</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
NP: If they are using SPDY or HTTP/2 within a CONNECT tunnel it may be<br>
used for a day or so without anything appearing in the log.<br>
<br></blockquote><div><br></div><div>There I am lost completey.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Check your cachemgr active_requests report to see if there is CONNECT to<br>
facebook or gmail active. They may have been opened before your block<br>
period and stay open into it.<br>
<span class=""><font color="#888888"><br></font></span></blockquote><div><br></div><div>root@mail:/opt/squid-3.5.2/etc # /opt/squid-3.5.2/bin/squidclient -h localhost -p 13128 cache_object://localhost/ mgr:active_requests</div><div>HTTP/1.1 200 OK</div><div>Server: squid</div><div>Mime-Version: 1.0</div><div>Date: Fri, 20 Feb 2015 11:35:17 GMT</div><div>Content-Type: text/plain;charset=utf-8</div><div>Expires: Fri, 20 Feb 2015 11:35:17 GMT</div><div>Last-Modified: Fri, 20 Feb 2015 11:35:17 GMT</div><div>X-Cache: MISS from aardvark</div><div>X-Cache-Lookup: MISS from aardvark:13127</div><div>Via: 1.1 aardvark (squid)</div><div>Connection: close</div><div><br></div><div>Connection: 0x809319418</div><div> FD 13, read 137, wrote 0</div><div> FD desc: Reading next request</div><div> in: buf 0x809c9c600, used 137, free 374</div><div> remote: <a href="http://127.0.0.1:29252">127.0.0.1:29252</a></div><div> local: <a href="http://127.0.0.1:13128">127.0.0.1:13128</a></div><div> nrequests: 1</div><div>uri cache_object://localhost/active_requests</div><div>logType TCP_MISS</div><div>out.offset 0, out.size 0</div><div>req_sz 137</div><div>entry 0x80a2c3c80/7C63DF06F8D015F656D5D9CA81CF8BDE</div><div>start 1424432117.586294 (0.000978 seconds ago)</div><div>username -</div><div>delay_pool 0 </div><div><br></div><div>That's all I see....</div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br></div>
</div></div>