<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Dear Ones, I draw on your experience in seeking help to determine whether or not it is possible to achieve the configuration I am looking for, due to a strange error I am having.</div><div><br></div><div>Before commenting on the bug I describe my testing environment:</div><div>- A VM CentOS 7 Core over VirtualBox 5.2, 1 NIC.</div><div>- My VM is attached to my domain W2012R2 (following this post <a href="https://www.rootusers.com/how-to-join-centos-linux-to-an-active-directory-domain/">https://www.rootusers.com/how-to-join-centos-linux-to-an-active-directory-domain/</a>) to achieve kerberos authentication transparent to the user. SElinux disabled. Owner permissions to user squid in all folders/files involved.</div><div>- squid 3.5.20 installed and working great with kerberos, NTLM and basic authentication. All authentication mechanisms tested and working great.</div><div>- SquidGuard: 1.4 Berkeley DB 5.3.21 installed and working great with blacklists and acl default.</div><div><br></div><div>My problem starts when I try to use source acl using ldapusersearch in squidGuard... </div><div><br></div><div>systemctl status squid:</div><div><div>(squid-1)[12627]: The redirector helpers are crashing too rapidly, need help!</div></div><div><br></div><div><b>squidGuard.conf</b></div><div><br></div><div><div>dbhome /etc/squid/db</div><div>logdir /var/log/squidGuard</div><div>ldapbinddn CN=ldap,OU=SERVICIOS,OU=SISTEMAS,OU=CANAL,OU=MYCOMPANY,DC=mydomain,DC=local</div><div>ldapbindpass myULTRAsecretPASS</div><div>ldapprotover 3</div><div><br></div><div><br></div><div>src WEB_BASIC {<br></div><div>ldapusersearch ldap://dc-1.mydomain.local:3268/dc=mydomain,dc=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=WEB_BASIC%2cou=INTERNET%2cou=PERMISOS%2cou=MYCOMPANY%2cdc=mydomain%2cdc=local))</div><div>log block.log</div><div>}</div><div><br></div><div><div>dest BL_adv {</div><div> domainlist adv/domains</div><div> urllist adv/urls</div><div> log block.log</div><div>}</div><div><br></div><div>dest BL_aggressive {</div><div> domainlist aggressive/domains</div><div> urllist aggressive/urls</div><div> log block.log</div><div>}</div><div># </div><div>dest BL_alcohol {</div><div><span style="white-space:pre"> </span>domainlist alcohol/domains</div><div><span style="white-space:pre"> </span>urllist alcohol/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_anonvpn {</div><div><span style="white-space:pre"> </span>domainlist anonvpn/domains</div><div><span style="white-space:pre"> </span>urllist anonvpn/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_chat {</div><div><span style="white-space:pre"> </span>domainlist chat/domains</div><div><span style="white-space:pre"> </span>urllist chat/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_costtraps {</div><div><span style="white-space:pre"> </span>domainlist costtraps/domains</div><div><span style="white-space:pre"> </span>urllist costtraps/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_downloads {</div><div><span style="white-space:pre"> </span>domainlist downloads/domains</div><div><span style="white-space:pre"> </span>urllist downloads/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_drugs {</div><div><span style="white-space:pre"> </span>domainlist drugs/domains</div><div><span style="white-space:pre"> </span>urllist drugs/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_dynamic {</div><div><span style="white-space:pre"> </span>domainlist dynamic/domains</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_fortunetelling {</div><div><span style="white-space:pre"> </span>domainlist fortunetelling/domains</div><div><span style="white-space:pre"> </span>urllist fortunetelling/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_gamble {</div><div><span style="white-space:pre"> </span>domainlist gamble/domains</div><div><span style="white-space:pre"> </span>urllist gamble/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_government {</div><div><span style="white-space:pre"> </span>domainlist government/domains</div><div><span style="white-space:pre"> </span>urllist government/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_hacking {</div><div><span style="white-space:pre"> </span>domainlist hacking/domains</div><div><span style="white-space:pre"> </span>urllist hacking/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_hobby_games-misc {</div><div><span style="white-space:pre"> </span>domainlist hobby/games-misc/domains</div><div><span style="white-space:pre"> </span>urllist hobby/games-misc/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_hobby_games-online {</div><div><span style="white-space:pre"> </span>domainlist hobby/games-online/domains</div><div><span style="white-space:pre"> </span>urllist hobby/games-online/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_movies {</div><div><span style="white-space:pre"> </span>domainlist movies/domains</div><div><span style="white-space:pre"> </span>urllist movies/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_music {</div><div><span style="white-space:pre"> </span>domainlist music/domains</div><div><span style="white-space:pre"> </span>urllist music/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_porn {</div><div><span style="white-space:pre"> </span>domainlist porn/domains</div><div><span style="white-space:pre"> </span>urllist porn/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_radiotv {</div><div><span style="white-space:pre"> </span>domainlist radiotv/domains</div><div><span style="white-space:pre"> </span>urllist radiotv/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_redirector {</div><div><span style="white-space:pre"> </span>domainlist redirector/domains</div><div><span style="white-space:pre"> </span>urllist redirector/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_remotecontrol {</div><div><span style="white-space:pre"> </span>domainlist remotecontrol/domains</div><div><span style="white-space:pre"> </span>urllist remotecontrol/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_ringtones {</div><div><span style="white-space:pre"> </span>domainlist ringtones/domains</div><div><span style="white-space:pre"> </span>urllist ringtones/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_socialnet {</div><div><span style="white-space:pre"> </span>domainlist socialnet/domains</div><div><span style="white-space:pre"> </span>urllist socialnet/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_spyware {</div><div><span style="white-space:pre"> </span>domainlist spyware/domains</div><div><span style="white-space:pre"> </span>urllist spyware/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_tracker {</div><div><span style="white-space:pre"> </span>domainlist tracker/domains</div><div><span style="white-space:pre"> </span>urllist tracker/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_updatesites {</div><div><span style="white-space:pre"> </span>domainlist updatesites/domains</div><div><span style="white-space:pre"> </span>urllist updatesites/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_violence {</div><div><span style="white-space:pre"> </span>domainlist violence/domains</div><div><span style="white-space:pre"> </span>urllist violence/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_warez {</div><div><span style="white-space:pre"> </span>domainlist warez/domains</div><div><span style="white-space:pre"> </span>urllist warez/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_weapons {</div><div><span style="white-space:pre"> </span>domainlist weapons/domains</div><div><span style="white-space:pre"> </span>urllist weapons/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_webphone {</div><div><span style="white-space:pre"> </span>domainlist webphone/domains</div><div><span style="white-space:pre"> </span>urllist webphone/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_webradio {</div><div><span style="white-space:pre"> </span>domainlist webradio/domains</div><div><span style="white-space:pre"> </span>urllist webradio/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div># </div><div>dest BL_WEBTV {</div><div><span style="white-space:pre"> </span>domainlist webtv/domains</div><div><span style="white-space:pre"> </span>urllist webtv/urls</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div><br></div><div><br></div><div>dest whitelist {</div><div><span style="white-space:pre"> </span>domainlist whitelist/domains</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div><div><br></div><div>dest blacklist {</div><div><span style="white-space:pre"> </span>domainlist blacklist/domains</div><div><span style="white-space:pre"> </span>log block.log</div><div>}</div></div><div><br></div><div><br></div><div>acl {<br></div><div><br></div><div>WEB_BASIC<span style="white-space:pre"> </span>{<br></div><div><span style="white-space:pre"> </span>pass whitelist !BL_porn !blacklist all</div><div><span style="white-space:pre"> </span>redirect <a href="http://s-server1.mydomain.local/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u">http://s-server1.mydomain.local/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u</a></div><div><span style="white-space:pre"> </span>log block.log</div><div><span style="white-space:pre"> </span>}</div><div><br></div><div>default<span style="white-space:pre"> </span>{<br></div><div><span style="white-space:pre"> </span>pass !blacklist all</div><div><span style="white-space:pre"> </span>redirect <a href="http://s-server1.mydomain.local/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u">http://s-server1.mydomain.local/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u</a></div><div><span style="white-space:pre"> </span>log block.log</div><div><span style="white-space:pre"> </span>}</div><div><br></div><div>}</div></div><div><br></div><div><br></div><div><b>squidGuard.log</b></div><div><br></div><div><div><div>2018-09-17 11:13:39 [12663] New setting: dbhome: /etc/squid/db</div><div>2018-09-17 11:13:39 [12663] New setting: logdir: /var/log/squidGuard</div><div>2018-09-17 11:13:39 [12663] New setting: ldapbinddn: CN=ldap,OU=SERVICIOS,OU=SISTEMAS,OU=CANAL,OU=MYCOMPANY,DC=mydomain,DC=local</div><div>2018-09-17 11:13:39 [12663] New setting: ldapbindpass: myULTRAsecretPASS</div><div>2018-09-17 11:13:39 [12663] New setting: ldapprotover: 3</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/adv/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/adv/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/adv/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/adv/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/aggressive/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/aggressive/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/aggressive/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/aggressive/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/alcohol/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/alcohol/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/alcohol/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/alcohol/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/anonvpn/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/anonvpn/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/anonvpn/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/anonvpn/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/chat/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/chat/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/chat/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/chat/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/costtraps/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/costtraps/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/costtraps/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/costtraps/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/downloads/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/downloads/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/downloads/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/downloads/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/drugs/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/drugs/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/drugs/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/drugs/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/dynamic/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/dynamic/domains.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/fortunetelling/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/fortunetelling/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/fortunetelling/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/fortunetelling/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/gamble/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/gamble/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/gamble/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/gamble/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/government/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/government/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/government/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/government/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/hacking/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hacking/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/hacking/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hacking/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/hobby/games-misc/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hobby/games-misc/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/hobby/games-misc/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hobby/games-misc/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/hobby/games-online/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hobby/games-online/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/hobby/games-online/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/hobby/games-online/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/movies/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/movies/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/movies/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/movies/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/music/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/music/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/music/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/music/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/porn/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/porn/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/porn/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/porn/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/radiotv/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/radiotv/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/radiotv/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/radiotv/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/redirector/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/redirector/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/redirector/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/redirector/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/remotecontrol/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/remotecontrol/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/remotecontrol/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/remotecontrol/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/ringtones/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/ringtones/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/ringtones/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/ringtones/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/socialnet/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/socialnet/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/socialnet/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/socialnet/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/spyware/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/spyware/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/spyware/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/spyware/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/tracker/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/tracker/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/tracker/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/tracker/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/updatesites/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/updatesites/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/updatesites/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/updatesites/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/violence/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/violence/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/violence/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/violence/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/warez/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/warez/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/warez/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/warez/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/weapons/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/weapons/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/weapons/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/weapons/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/webphone/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webphone/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/webphone/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webphone/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/webradio/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webradio/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/webradio/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webradio/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/webtv/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webtv/domains.db</div><div>2018-09-17 11:13:39 [12663] init urllist /etc/squid/db/webtv/urls</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/webtv/urls.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/whitelist/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/whitelist/domains.db</div><div>2018-09-17 11:13:39 [12663] init domainlist /etc/squid/db/blacklist/domains</div><div>2018-09-17 11:13:39 [12663] loading dbfile /etc/squid/db/blacklist/domains.db</div><div>2018-09-17 11:13:39 [12663] logfile not allowed in acl other than default</div><div>2018-09-17 11:13:39 [12663] squidGuard 1.4 started (1537193619.900)</div><div>2018-09-17 11:13:39 [12663] squidGuard ready for requests (1537193619.903)</div></div></div><div><br></div><div><b>squid.conf</b></div><div><br></div><div><div>acl localnet src <a href="http://10.10.8.0/22">10.10.8.0/22</a> # LAN net<br></div><div>acl dmz src <a href="http://192.168.20.0/27">192.168.20.0/27</a> # DMZ net</div><div><br></div><div>### negotiate kerberos & ntlm authentication<br></div><div>auth_param negotiate program /usr/sbin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib64/squid/negotiate_kerberos_auth -r -i -s GSS_C_NO_NAME </div><div>auth_param negotiate children 10 </div><div>auth_param negotiate keep_alive on</div><div><br></div><div>### basic authentication for not kerberos or ntlm authenticated users</div><div>auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "dc=mydomain,dc=local" -D "ldap@mydomain.local" -w "
myULTRAsecretPASS " -f sAMAccountName=%s -h dc-1.mydomain.local </div><div>auth_param basic children 10 </div><div>auth_param basic realm Identifiquese </div><div>auth_param basic credentialsttl 4 hours</div><div><br></div><div>### standard allowed ports</div><div>acl SSL_ports port 443 </div><div>acl Safe_ports port 80 # http </div><div>acl Safe_ports port 21 # ftp </div><div>acl Safe_ports port 443 # https </div><div>acl Safe_ports port 70 # gopher </div><div>acl Safe_ports port 210 # wais </div><div>acl Safe_ports port 1025-65535 # unregistered ports </div><div>acl Safe_ports port 280 # http-mgmt </div><div>acl Safe_ports port 488 # gss-http </div><div>acl Safe_ports port 591 # filemaker </div><div>acl Safe_ports port 777 # multiling http </div><div>acl CONNECT method CONNECT</div><div><br></div><div>### acl for proxy authentication (kerberos or ntlm) and ldap authorizations</div><div>acl auth proxy_auth REQUIRED</div><div><br></div><div># Define protocols used for redirects</div><div>acl HTTP proto HTTP</div><div>acl HTTPS proto HTTPS</div><div><br></div><div>### enforce authentication</div><div>http_access allow auth </div><div>http_access deny !auth</div><div><br></div><div>### standard access rules</div><div>http_access deny !Safe_ports </div><div>http_access deny CONNECT !SSL_ports </div><div>http_access allow localhost manager </div><div>http_access deny manager </div><div>http_access allow localnet</div><div>http_access allow dmz</div><div>http_access allow localhost </div><div>http_access deny all</div><div><br></div><div>### OPCIONES VARIAS ###</div><div>http_port 8080 </div><div>coredump_dir /var/spool/squid </div><div>refresh_pattern ^ftp: 1440 20% 10080 </div><div>refresh_pattern ^gopher: 1440 0% 1440 </div><div>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 </div><div>refresh_pattern . 0 20% 4320 </div><div>quick_abort_min 0 KB <br></div><div>quick_abort_max 0 KB </div><div>read_timeout 5 minutes </div><div>request_timeout 3 minutes </div><div>half_closed_clients off </div><div>shutdown_lifetime 15 seconds </div><div>log_icp_queries off </div><div>dns_v4_first on </div><div>ipcache_size 2048 </div><div>ipcache_low 90 </div><div>fqdncache_size 4096 </div><div>forwarded_for off </div><div>cache_mgr <a href="mailto:sistemas@mydomain.com">sistemas@mydomain.com</a> </div><div>visible_hostname eren </div><div>httpd_suppress_version_string on </div><div>uri_whitespace strip</div><div><br></div><div><br></div><div>## squidGuard ##</div><div>url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf</div><div>url_rewrite_children 10 startup=5 idle=1 concurrency=0</div><div>url_rewrite_bypass off</div></div><div><br></div><div><br></div><div><b>cache.log</b></div><div><br></div><div><div>Squid Cache (Version 3.5.20): Terminated abnormally.</div><div>CPU Usage: 0.070 seconds = 0.055 user + 0.015 sys</div><div>Maximum Resident Size: 68768 KB</div><div>Page faults with physical i/o: 0</div><div>2018/09/17 11:13:36 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu...</div><div>2018/09/17 11:13:36 kid1| Service Name: squid</div><div>2018/09/17 11:13:36 kid1| Starting new negotiateauthenticator helpers...</div><div>2018/09/17 11:13:36 kid1| Starting new negotiateauthenticator helpers...</div><div>2018/09/17 11:13:36| negotiate_kerberos_auth: INFO: User <a href="http://my.name">my.name</a> authenticated</div><div>2018/09/17 11:13:36 kid1| WARNING: redirector #Hlpr1 exited</div><div>FATAL: The redirector helpers are crashing too rapidly, need help!</div><div><br></div><div>Squid Cache (Version 3.5.20): Terminated abnormally.</div><div>CPU Usage: 0.086 seconds = 0.057 user + 0.029 sys</div><div>Maximum Resident Size: 68752 KB</div><div>Page faults with physical i/o: 0</div><div>2018/09/17 11:13:36| negotiate_kerberos_auth: INFO: User <a href="http://my.name">my.name</a> authenticated</div><div>2018/09/17 11:13:39 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu...</div><div>2018/09/17 11:13:39 kid1| Service Name: squid</div></div><div><br></div><div><b>access.log</b></div><div><br></div><div><div>1537193586.999 0 10.10.11.154 TCP_DENIED/407 4137 CONNECT <a href="http://www.google.com.ar:443">www.google.com.ar:443</a> - HIER_NONE/- text/html</div><div>1537193587.242 0 10.10.11.154 TCP_DENIED/407 4185 CONNECT <a href="http://clientservices.googleapis.com:443">clientservices.googleapis.com:443</a> - HIER_NONE/- text/html</div><div>1537193587.269 0 10.10.11.154 TCP_DENIED/407 4145 CONNECT <a href="http://accounts.google.com:443">accounts.google.com:443</a> - HIER_NONE/- text/html</div><div>1537193587.269 0 10.10.11.154 TCP_DENIED/407 4137 CONNECT <a href="http://www.google.com.ar:443">www.google.com.ar:443</a> - HIER_NONE/- text/html</div><div>1537193613.322 0 10.10.11.154 TCP_DENIED/407 4185 CONNECT <a href="http://clientservices.googleapis.com:443">clientservices.googleapis.com:443</a> - HIER_NONE/- text/html</div><div>1537193616.653 1 10.10.11.154 TCP_DENIED/407 4125 CONNECT <a href="http://www.clarin.com:443">www.clarin.com:443</a> - HIER_NONE/- text/html</div><div>1537193616.732 0 10.10.11.154 TCP_DENIED/407 4145 CONNECT <a href="http://accounts.google.com:443">accounts.google.com:443</a> - HIER_NONE/- text/html</div><div>1537193616.749 1 10.10.11.154 TCP_DENIED/407 4137 CONNECT <a href="http://www.google.com.ar:443">www.google.com.ar:443</a> - HIER_NONE/- text/html</div></div><div><br></div><div><b>messages</b></div><div><br></div><div><div>Sep 17 11:13:07 proxy kernel: squidGuard[12552]: segfault at ffffffffd7706bb0 ip 00007fdbf2052e70 sp 00007fffd1b73c70 error 5 in libldap-2.4.so.2.10.7[7fdbf2027000+52000]</div><div>Sep 17 11:13:07 proxy kernel: squidGuard[12553]: segfault at ffffffffa3d27bb0 ip 00007fd79b787e70 sp 00007ffe47e9b880 error 5 in libldap-2.4.so.2.10.7[7fd79b75c000+52000]</div><div>Sep 17 11:13:07 proxy (squid-1): The redirector helpers are crashing too rapidly, need help!</div><div>Sep 17 11:13:07 proxy squid[12549]: Squid Parent: (squid-1) process 12551 exited with status 1</div><div>Sep 17 11:13:10 proxy squid[12549]: Squid Parent: (squid-1) process 12627 started</div><div>Sep 17 11:13:33 proxy kernel: squidGuard[12628]: segfault at 1fbd2bb0 ip 00007f452b305e70 sp 00007ffda8c714b0 error 4 in libldap-2.4.so.2.10.7[7f452b2da000+52000]</div><div>Sep 17 11:13:33 proxy (squid-1): The redirector helpers are crashing too rapidly, need help!</div><div>Sep 17 11:13:33 proxy squid[12549]: Squid Parent: (squid-1) process 12627 exited with status 1</div><div>Sep 17 11:13:36 proxy squid[12549]: Squid Parent: (squid-1) process 12643 started</div><div>Sep 17 11:13:36 proxy kernel: squidGuard[12644]: segfault at 540fdbb0 ip 00007fab84f2de70 sp 00007ffc1aa8d2a0 error 4 in libldap-2.4.so.2.10.7[7fab84f02000+52000]</div><div>Sep 17 11:13:36 proxy (squid-1): The redirector helpers are crashing too rapidly, need help!</div><div>Sep 17 11:13:36 proxy squid[12549]: Squid Parent: (squid-1) process 12643 exited with status 1</div><div>Sep 17 11:13:39 proxy squid[12549]: Squid Parent: (squid-1) process 12658 started</div></div><div><br></div><div><br></div><div><div>If I disable src and acl WEB_BASIC I have no problem. The default acl does its thing without problems.</div><div>But when I enable src and acl WEB_BASIC squidGuard explodes and squid restarts so I get to notice.</div><div>I see an error in a libldap library... Will it be a library error? Or am I misconfiguring my squid ?</div><div><br></div><div>Just in case I've checked more than ten times the URLs of LDAP queries (, %2c, etc etc)<br></div><div><br></div><div>Thank you very much for any help you can give me.</div><div>Best regards</div><div><br></div><div>Gabriel</div></div><div><br></div><div><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>