Netgate Discussion Forum

    Squid is killing me! Please help. Invalid URL and I have already tried Google!

    pfSense Packages
      Stryderking

      Hello,

      If anyone could help me with this you can save a bullet from my head! Haha, jk. I'm trying to set up Squid proxy and I've tried Google and Bing :)) Here is my Squid config. Not sure what I'm doing wrong, but I get an invalid URL every time I turn on allow all users.

      # Do not edit manually !

      http_port 192.168.0.1:3128
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/pbi/squid-amd64/etc/squid/errors/English
      icon_directory /usr/pbi/squid-amd64/etc/squid/icons
      visible_hostname proxy.pfsense.secure
      cache_mgr Ericr@kinetisys.com
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      logfile_rotate 7
      shutdown_lifetime 3 seconds
      uri_whitespace strip
      dns_nameservers 192.168.0.236 4.2.2.2 68.94.156.1 68.94.157.1
      cache_mem 4000 MB
      maximum_object_size_in_memory 250 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 20000 64 256
      minimum_object_size 0 KB
      maximum_object_size 307200 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95

      # No redirector configured

      # Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 80 443
      acl sslports port 443 563  443
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin \?
      acl allowed_subnets src 192.168.0.0/24
      cache deny dynamic
      http_access allow manager localhost

      # Allow external cache managers

      acl ext_manager_1 src 192.168.0.1
      http_access allow manager ext_manager_1

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      # Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 deny all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow all

      # Setup allowed acls

      http_access allow allowed_subnets

      # Default block all to be sure

      http_access deny all

        marcelloc

        Enable log and check cache.log
        You can try squid -k parse too.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          Stryderking

          Hello, thank you for the quick response. Not sure how to do the squid -k parse. I have pulled two hours or so from my log.

          2013/08/22 12:07:24| Starting Squid Cache version 2.7.STABLE9 for amd64-portbld-freebsd8.1…
          2013/08/22 12:07:24| Process ID 34960
          2013/08/22 12:07:24| With 11095 file descriptors available
          2013/08/22 12:07:24| Using kqueue for the IO loop
          2013/08/22 12:07:24| DNS Socket created at 0.0.0.0, port 33351, FD 11
          2013/08/22 12:07:24| Adding domain kinetisys.com from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 127.0.0.1 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 68.94.157.1 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 10.0.0.1 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 192.168.0.253 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/22 12:07:24| Adding nameserver 4.2.2.2 from /etc/resolv.conf
          2013/08/22 12:07:24| Referer logging is disabled.
          2013/08/22 12:07:24| logfileOpen: opening log /var/squid/logs/access.log
          2013/08/22 12:07:24| Unlinkd pipe opened on FD 17
          2013/08/22 12:07:24| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
          2013/08/22 12:07:24| Target number of buckets: 425
          2013/08/22 12:07:24| Using 8192 Store buckets
          2013/08/22 12:07:24| Max Mem  size: 8192 KB
          2013/08/22 12:07:24| Max Swap size: 102400 KB
          2013/08/22 12:07:24| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
          2013/08/22 12:07:24| logfileOpen: opening log /var/squid/logs/store.log
          2013/08/22 12:07:24| Rebuilding storage in /var/squid/cache (DIRTY)
          2013/08/22 12:07:24| Using Least Load store dir selection
          2013/08/22 12:07:24| Set Current Directory to /var/squid/cache
          2013/08/22 12:07:24| Loaded Icons.
          2013/08/22 12:07:24| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 18.
          2013/08/22 12:07:24| Accepting ICP messages at 0.0.0.0, port 3130, FD 19.
          2013/08/22 12:07:24| Accepting HTCP messages on port 4827, FD 22.
          2013/08/22 12:07:24| Accepting SNMP messages on port 3401, FD 23.
          2013/08/22 12:07:24| WCCP Disabled.
          2013/08/22 12:07:24| Ready to serve requests.
          2013/08/22 12:07:25| Done scanning /var/squid/cache (0 entries)
          2013/08/22 12:07:25| Finished rebuilding storage from disk.
          2013/08/22 12:07:25|        0 Entries scanned
          2013/08/22 12:07:25|        0 Invalid entries.
          2013/08/22 12:07:25|        0 With invalid flags.
          2013/08/22 12:07:25|        0 Objects loaded.
          2013/08/22 12:07:25|        0 Objects expired.
          2013/08/22 12:07:25|        0 Objects cancelled.
          2013/08/22 12:07:25|        0 Duplicate URLs purged.
          2013/08/22 12:07:25|        0 Swapfile clashes avoided.
          2013/08/22 12:07:25|  Took 0.5 seconds (  0.0 objects/sec).
          2013/08/22 12:07:25| Beginning Validation Procedure
          2013/08/22 12:07:25|  Completed Validation Procedure
          2013/08/22 12:07:25|  Validated 0 Entries
          2013/08/22 12:07:25|  store_swap_size = 0k
          2013/08/22 12:07:25| storeLateRelease: released 0 objects
          2013/08/28 18:46:12| WARNING: Unused ICP version 33 received from 61.147.76.67:24232
          2013/08/28 19:11:22| WARNING: Unused ICP version 98 received from 213.231.100.60:56435
          2013/08/28 19:17:19| WARNING: Unused ICP version 17 received from 122.226.212.234:17657
          2013/08/28 19:32:34| WARNING: Unused ICP version 17 received from 122.226.212.234:17657
          2013/08/29 10:02:57| Preparing for shutdown after 3 requests
          2013/08/29 10:02:57| Waiting 30 seconds for active connections to finish
          2013/08/29 10:02:57| FD 18 Closing HTTP connection
          2013/08/29 10:12:27| Starting Squid Cache version 2.7.STABLE9 for amd64-portbld-freebsd8.1...
          2013/08/29 10:12:27| Process ID 54861
          2013/08/29 10:12:27| With 11095 file descriptors available
          2013/08/29 10:12:27| Using kqueue for the IO loop
          2013/08/29 10:12:27| DNS Socket created at 0.0.0.0, port 23008, FD 11
          2013/08/29 10:12:27| Adding domain kinetisys.com from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 127.0.0.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.157.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 10.0.0.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 192.168.0.253 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 4.2.2.2 from /etc/resolv.conf
          2013/08/29 10:12:27| Referer logging is disabled.
          2013/08/29 10:12:27| logfileOpen: opening log /dev/null
          2013/08/29 10:12:27| Unlinkd pipe opened on FD 16
          2013/08/29 10:12:27| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
          2013/08/29 10:12:27| Target number of buckets: 425
          2013/08/29 10:12:27| Using 8192 Store buckets
          2013/08/29 10:12:27| Max Mem  size: 8192 KB
          2013/08/29 10:12:27| Max Swap size: 102400 KB
          2013/08/29 10:12:27| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
          2013/08/29 10:12:27| Store logging disabled
          2013/08/29 10:12:27| Rebuilding storage in /var/squid/cache (DIRTY)
          2013/08/29 10:12:27| Using Least Load store dir selection
          2013/08/29 10:12:27| Current Directory is /usr/local/www
          2013/08/29 10:12:27| Loaded Icons.
          2013/08/29 10:12:27| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 15.
          2013/08/29 10:12:27| Accepting HTCP messages on port 4827, FD 17.
          2013/08/29 10:12:27| Accepting SNMP messages on port 3401, FD 18.
          2013/08/29 10:12:27| WCCP Disabled.
          2013/08/29 10:12:27| Ready to serve requests.
          2013/08/29 10:12:27| Reconfiguring Squid Cache (version 2.7.STABLE9)...
          2013/08/29 10:12:27| FD 15 Closing HTTP connection
          2013/08/29 10:12:27| FD 17 Closing HTCP socket
          2013/08/29 10:12:27| FD 18 Closing SNMP socket
          2013/08/29 10:12:27| logfileClose: closing log /dev/null
          2013/08/29 10:12:27| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
          2013/08/29 10:12:27| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
          2013/08/29 10:12:27| Initialising SSL.
          2013/08/29 10:12:27| logfileOpen: opening log /dev/null
          2013/08/29 10:12:27| Store logging disabled
          2013/08/29 10:12:27| Referer logging is disabled.
          2013/08/29 10:12:27| DNS Socket created at 0.0.0.0, port 18532, FD 12
          2013/08/29 10:12:27| Adding domain kinetisys.com from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 127.0.0.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.157.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 10.0.0.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 192.168.0.253 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
          2013/08/29 10:12:27| Adding nameserver 4.2.2.2 from /etc/resolv.conf

            marcelloc

            @Stryderking:

            Hello, thank you for the quick response. Not sure how to do the squid -k parse. I have pulled two hours or so from my log.

            Go to the pfSense console/SSH and type

            squid -k parse

            Elite Training: http://sys-squad.com

            Help a community developer! ;D

              Stryderking

              OK, I typed that into the shell. Nothing happened that I noticed. I have rebooted pfSense and still have the same issues. URLs work fine until I check Allow users on interface; then it will just say connecting. I can still ping Google.com or bing.com, and games and streams such as Pandora will still work, but trying to load something new will just sit and spin.

                Stryderking

                Under realtime I pulled this:

                Date IP Status Address User Destination
                20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
                20.10.2013 15:29:54 121.56.114.123 TCP_DENIED/403 http://www.163.com/ - -
                20.10.2013 02:39:25 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
                19.10.2013 16:01:35 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
                19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -

                Not sure if this helps or not.

                  marcelloc

                  @Stryderking:

                  Under realtime I pulled this:

                  Date IP Status Address User Destination
                  20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
                  19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -

                  SMTP access on Squid? This is really weird. ???

                  Elite Training: http://sys-squad.com

                  Help a community developer! ;D
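
The denied rows quoted above can be checked against the ACLs in the posted squid.conf. This is an added example, not part of the original thread: it takes the `allowed_subnets` and `safeports` values from that config and the five rows from the realtime view, and reports which rule each request fails. The function names are illustrative.

```python
import ipaddress

# ACL values copied from the squid.conf posted in this thread.
ALLOWED_SUBNETS = [ipaddress.ip_network("192.168.0.0/24")]
SAFE_PORTS = [(21, 21), (70, 70), (80, 80), (210, 210), (280, 280), (443, 443),
              (488, 488), (563, 563), (591, 591), (631, 631), (777, 777),
              (901, 901), (3128, 3128), (1025, 65535)]

# Rows copied from the "realtime" view posted in the thread.
ROWS = """\
20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
20.10.2013 15:29:54 121.56.114.123 TCP_DENIED/403 http://www.163.com/ - -
20.10.2013 02:39:25 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
19.10.2013 16:01:35 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -
"""

def dest_port(address):
    """Port of the requested address: explicit host:port, else the scheme default."""
    if "://" in address:
        scheme, rest = address.split("://", 1)
        hostport = rest.split("/", 1)[0]
        default = {"http": 80, "https": 443, "ftp": 21}.get(scheme, 0)
    else:
        hostport, default = address, 0  # bare host:port (the form squid logs for CONNECT)
    _host, sep, port = hostport.rpartition(":")
    return int(port) if sep and port.isdigit() else default

def triage(line):
    """Return (client, address, reasons) for one row of the realtime view."""
    _date, _time, client, _status, address = line.split()[:5]
    reasons = []
    port = dest_port(address)
    # Same order as the config: "deny !safeports" is evaluated before the subnet allow.
    if not any(lo <= port <= hi for lo, hi in SAFE_PORTS):
        reasons.append(f"port {port} not in safeports")
    if not any(ipaddress.ip_address(client) in net for net in ALLOWED_SUBNETS):
        reasons.append("client outside allowed_subnets")
    return client, address, reasons

def report(text=ROWS):
    return [triage(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for client, address, reasons in report():
        print(f"{client:16} {address:26} {'; '.join(reasons)}")
```

Every row fails the `allowed_subnets` check, and the two port-25 rows also fail `safeports`, so all five are requests that the posted `http_access` rules reject for clients outside 192.168.0.0/24.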

                    Stryderking

                    Yeah, I'm not sure what to do from here. My next step will be to reinstall pfSense and start from scratch.
