[squid-users] SQUID with cache_peer config + E2guardian - too many connections

Klaus Brandl klaus_brandl at genua.de
Wed Jul 29 08:29:33 UTC 2020


On Wednesday 29 July 2020 14:50:11 Amos Jeffries wrote:
> On 29/07/20 1:07 pm, Contato - KONNTROL wrote:
> > Hello Everyone,
> > Greetings.
> > 
> > Background:
> > OS - FreeBSD 12.1
> > SQUID ver 4.10
> > OpenSSL 1.0.2u
> > 
> > I am trying to use SQUID in front of E2Guardian (content filter) with the
> > following configuration at the SQUID side.
> > 
> > ###
> > cache_peer 127.0.0.1 parent 8080 0 login=*:password
> > client_persistent_connections on
> > always_direct deny all
> > never_direct allow all
> > ###
> > 
> > It works fine till the point  SQUID exhausts all E2Guardian
> > threads/workers, no matter the amount you set. If 1000, SQUID is opening
> > 1000 connections. If 10.000, squid also opens 10.000 connections.
> > I tried the directive "client_persistent_connections on and off" with no
> > success.
> > Even using a single browser for testing purposes, for some reason SQUID
> > opens thousands of connections against the E2guardian.
> > I did a wireshark capture to "see" what is  happening and it seems like a
> > lot of ACK/SYN with no payload.
> > 
> > Any idea? Maybe I am using a wrong configuration.
> 
> You are. BUT, I think you have a forwarding loop happening so the
> correct config for limiting connections will not help.
> 
> You should be able to test for loops by enabling the Via header. If your
> squid.conf contains "via off" remove that line. Assuming e2g is not
> removing that header Squid will reject loops with an error message.

Setting an other "visible_hostname" may also help.

Klaus

---

genua GmbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de

Geschaeftsfuehrer: Matthias Ochs, Marc Tesch
Amtsgericht Muenchen HRB 98238
genua ist ein Unternehmen der Bundesdruckerei-Gruppe.


More information about the squid-users mailing list