[Ajuda] Problemas no sqstat lightsquid

atsuma

Oba!

Estou com problemas no sqstat:

SqStat error
Error (1): Cannot get data. Server answered: HTTP/1.0 403 Forbidden

Nunca consegui fazer funcionar.

Alguém tem alguma ideia o que seja?!

Grato e no aguardo…

nofault

Poste os logs para melhor analise

atsuma

não tem log.
Vou na aba proxy state e aparece isso.

nofault

provavelmente alguma configuração do squid , poste seu squid.conf aqui para analise

nofault

Verifique se você habilitou o log no squid , e tem que estar com este path -> /var/squid/logs , após estar habilitado tem que clicar em "Refresh Full" e "Refresh Now"

atsuma

segue a conf


# This file is automatically generated by pfSense
# Do not edit manually !
http_port 10.0.0.40:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language Portuguese
icon_directory /usr/local/etc/squid/icons
visible_hostname Webhost
cache_mgr admin@suporte.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 30
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  10.0.0.0/16
via off
httpd_suppress_version_string on
uri_whitespace strip

# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# Let the clients favorite video site through with full caching
acl youtube dstdomain .youtube.com
cache allow youtube

# Windows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

# Symantec refresh_pattern
range_offset_limit -1
refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

# Avast refresh_pattern
range_offset_limit -1
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims

# Avira refresh_pattern
range_offset_limit -1
refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
cache_mem 512 MB
maximum_object_size_in_memory 1024 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 5000 16 256
minimum_object_size 0 KB
maximum_object_size 400 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern .    0  20%  4320
# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535 
acl sslports port 443 563 8080 
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

acl allowed_subnets src 10.0.0.0/16
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
http_access allow manager localhost

# Allow external cache managers
acl ext_manager src 127.0.0.1
acl ext_manager src 10.0.0.40
acl ext_manager src 
http_access allow manager ext_manager

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 4000000 KB
quick_abort_max 0 KB
request_body_max_size 4000000000 KB
reply_body_max_size 4000000000 KB allsrc 
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings

# Package Integration
never_direct allow all
cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass off
url_rewrite_children 5

# Custom options
acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET
#
acl store_rewrite_list_domain_CDN url_regex ^http://([a-z][0-9]\.){0,1}(profile|sphotos|photos-[a-z])\.ak\.fbcdn\.net/hp(rofile|hotos)-ak- 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://[^/]*\.(youtube|googlevideo).com/(get_video|videoplayback|videodownload)\? 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://i.\.ytimg\.com/.*\.(bmp|gif|jpg|png) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://lh.\.ggpht\.com/.*\.(bmp|gif|jpg|png) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
#acl store_rewrite_list_domain_CDN url_regex ^http://(.{1,2}\.|)media\.tumblr\.com/.*\.(bmp|gif|jpg|png) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://(i|th).{1,4}\.photobucket\.com/.*\.(bmp|gif|jpg|png) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://[1-4]\.bp\.blogspot\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://download.*\.avast\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://(backup|a.|pupdate-aa)\.avg\.c(om|z)/softw/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://av\.vimeo\.com/.*\.(mp4|flv) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://.{1,3}\.video.\.blip\.tv.*\.(m4v|flv|mp4|wmv|rm|ram|mov|avi|mp3) 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://flashvideo.globo.com/.*mp4 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://(img|content).{1,2}.catalog.video.msn.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://(video.{1,2}|thumb|storage)\.mais\.uol\.com.br/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://v.mccont.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://(img..|videos\.flv.{0,1})\.redtubefiles\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://wpc.porntube.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://porn.{1,3}\.xvideos\.com/.*\.flv 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://s[0-9]{0,3}\.videobb\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://t.\.gstatic\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://cdn[1-3][a-z]{0,1}.*\.phncdn\.com/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://nyc-v[0-9]{1,3}\.pornhub\.com/*\.flv 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
acl store_rewrite_list_domain_CDN url_regex ^http://[a-z]{1,}\.dl\.sourceforge\.net\/project/ 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
#

# Block access to blacklist domains
http_access deny blacklist
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

nofault

la na area do proxy report você setou o tempo clicou em refresh full e refresh now?

uma dúvida porque você colocou essa config: http_port 127.0.0.1:3128 intercept ?

pfsense.png_thumb

atsuma

já dei o refresh e o full>lembrando que não é o lightsquid e sim o sqstat.
A regra que você citou vem por padrão.

nofault

na minha config do squid não possui essa configuração lembrando que meu squid é o 3 , outra coisa ontem no SQstat eu tinha o mesmo erro , porém hoje esta funcionando normalmente. , comente a regras http_port 127.0.0.1 e veja se funciona.


[2.0.1-RELEASE][admin@pfsense.itai.org.br]/root(1): cat /usr/local/etc/squid/squid.conf
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 192.168.1.70:8081
icp_port 7
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language pt-br
icon_directory /usr/local/etc/squid/icons
visible_hostname Proxy ITAI
cache_mgr rodolfo.fontes@itai.org.br
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 30
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.1.0/24
uri_whitespace strip

# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# Let the clients favorite video site through with full caching
acl youtube dstdomain .youtube.com
cache allow youtube
cache_mem 512 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 4000 16 256
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern .    0  20%  4320
# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
acl sslports port 443 563  
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

acl allowed_subnets src 192.168.1.0/24
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
http_access allow manager localhost

# Allow external cache managers
acl ext_manager src 127.0.0.1
acl ext_manager src 192.168.1.70
acl ext_manager src 
http_access allow manager ext_manager

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min -1 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 4000000 KB allsrc 
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings

# Custom options
refresh_pattern -i \.(html|htm|html\?|htm\?)$ 9440 90% 100000 override-expire reload-into-ims
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif\?|png\?|jpg\?|jpeg\?|ico\?|bmp\?|tiff\?|webp\?|bif\?)$ 36000 90% 100000 override-expire reload-into-ims ignore-reload
refresh_pattern \.(swf|swf\?|js|js\?|wav|css|css\?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-ims
refresh_pattern -i \.(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll\?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(xml)$ 0 90% 100000
refresh_pattern -i \.(json|json\?)$ 1440 90% 5760 override-expire reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^ftp: 5440 90% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i . 0 90% 5760
ignore_expect_100 on
log_icp_queries off
minimum_object_size 0 KB

atsuma

declarei e nada, mas acho que descobri.quando você instala o lightsquid automaticamente já vem o sqstat, porém o "config.inc.php" não vem o arquivo.Por isso que esta dando esse esse.Vou fazer os teste depois eu falo como foi!

atsuma

Mesmo colocando o config.inc.pho na pasta e configurando dá na mesma!
Voltei para estaca 0…putz...

nofault

Desabilita o dansguardian e faça o teste e verifique se aparece.

atsuma

Não tenho dansguardian, só squidguard e o squid3 e já desabilitei o guard e nada também.

nofault

o lightsquid ta gerando relatório ?

atsuma

já achei o erro!.
O lightsquid gera normal, o problema era a linha na conf do squid: "http_deny manager", ou seja, vai negar o gerenciamento mesmo e por isso deu 403 Forbbiden.