Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] squid3-dev (3.3.10 pkg 2.2) + Clamav Antivirus won't start

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    23 Posts 6 Posters 43.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      exograpix
      last edited by

      Please do, it will be very helpful.

      1 Reply Last reply Reply Quote 0
      • O
        Oliver_
        last edited by

        so you are able to install Squid3-dev with dansguardian and a working clamav?  :o
        And you are able to use a internal clwarn.cgi Warnig site?

        Please be so cool and share your knowledge with us!

        I was not able to combine Dansguardian with Squid3-dev!

        Regards Oli

        PS: And if you are able to use SSL in the middle with dansguardian you are my personal hero!  ;D

        1 Reply Last reply Reply Quote 0
        • E
          eduardogoncalves
          last edited by

          Hi,
          I'm preparing a step-by-step basic setup for squid3-dev, dansguardian and clamav and will here post soon.
          I'll use pfsense latest version:

          
2.1-RELEASE (amd64)
built on Wed Sep 11 18:17:48 EDT 2013
FreeBSD 8.3-RELEASE-p11

          ps.:by 'basic setup' I meant I won't describe squid's acls, dansguarian's blacklist and acl… It's just the steps to make them run...

          1 Reply Last reply Reply Quote 0
          • E
            eduardogoncalves
            last edited by

            Hi, you can access a step-by-step basic setup for squid3-dev and clamav in  http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/

            I used pfsense latest version:
            2.1-RELEASE (i386)
            built on Wed Sep 11 18:16:22 EDT 2013
            FreeBSD 8.3-RELEASE-p11

            ps: I'm new in PfSense and BSD's stuff, so if I'm missing some steps, feel free to contribute or ask more details.

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              Hi Eduardo, I've merged your changes to squid3-dev pkg v 2.2.1.

              I'm still not able to startup it on amd64, can you check if it's fine on i386?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • E
                eduardogoncalves
                last edited by

                Hi Marcello we're almost done…

                This one is a fresh install of pfsense 2.1 i386...
                After installs squid3-dev, I had to download some libs:

                [2.1-RELEASE][admin@pfSense.egoncalves.com.br]/root(1): squid -NsXY /libexec/ld-elf.so.1: Shared object "libheimntlm.so.10" not found, required by "squid"
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/usr/local/lib(3): squid -NsXY       /libexec/ld-elf.so.1: Shared object "libkrb5.so.10" not found, required by "squid"
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/usr/local/lib(5): squid -NsXY       /libexec/ld-elf.so.1: Shared object "libhx509.so.10" not found, required by "squid"
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/usr/local/lib(7): squid -NsXY       /libexec/ld-elf.so.1: Shared object "libasn1.so.10" not found, required by "squid"
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/usr/local/lib(9): squid -NsXY       /libexec/ld-elf.so.1: Shared object "libroken.so.10" not found, required by "squid"

                Then started squid and configure it to run "Transparent HTTP proxy", go to "antivirus" tab, check and save.
                Then, services and started clamav manually.
                After that, I remember to change "redirect" path in "squidclamav.conf" to https://10.1.1.1/clwarn.cgi, so after click save button I had to restart "c-icap" service to apply it.

                And it worked like a charm, then I enable "HTTPS/SSL interception" and squid+clamav was able to block virus from https requests…

                But when I restarted the system this is what I get. I can access "webConfigurator", but can't start squid anymore, says that can't find 'clamav' user…

                By SSH I see that user exists:

                
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/root(199): id clamav
uid=9595(clamav) gid=9595(clamav) groups=9595(clamav),0(wheel)

                Here's squid log:

                
[2.1-RELEASE][admin@pfSense.egoncalves.com.br]/root(1): squid -NsXY
2014/03/06 17:30:09.540| debug.cc(424) parseOptions: command-line -X overrides: ALL,7
2014/03/06 17:30:09.540| cache_manager.cc(102) registerProfile: registering legacy mem
2014/03/06 17:30:09.540| cache_manager.cc(87) registerProfile: registered profile: mem
2014/03/06 17:30:09.540| cache_manager.cc(102) registerProfile: registering legacy squidaio_counts
2014/03/06 17:30:09.540| cache_manager.cc(87) registerProfile: registered profile: squidaio_counts
2014/03/06 17:30:09.540| cache_manager.cc(87) registerProfile: registered profile: diskd
2014/03/06 17:30:09.540| rock/RockStoreFileSystem.cc(44) setup: Will use Rock FS
2014/03/06 17:30:09.540| Startup: Initializing Authentication Schemes ...
2014/03/06 17:30:09.540| Startup: Initialized Authentication Scheme 'basic'
2014/03/06 17:30:09.540| Startup: Initialized Authentication Scheme 'digest'
2014/03/06 17:30:09.540| Startup: Initialized Authentication Scheme 'negotiate'
2014/03/06 17:30:09.540| Startup: Initialized Authentication Scheme 'ntlm'
2014/03/06 17:30:09.540| Startup: Initialized Authentication.
2014/03/06 17:30:09.541| tools.cc(69) ProbeTransport: Detected IPv6 hybrid or v4-mapping stack...
2014/03/06 17:30:09.541| tools.cc(83) ProbeTransport: IPv6 transport Enabled
2014/03/06 17:30:09.541| Config.cc(39) registerTokens:  register format tokens for 'adapt'
2014/03/06 17:30:09.541| Config.cc(39) registerTokens:  register format tokens for 'icap'
2014/03/06 17:30:09.541| Config.cc(39) registerTokens:  register format tokens for 'ssl'
2014/03/06 17:30:09.541| cache_cf.cc(609) parseConfigFile:
2014/03/06 17:30:09.541| cf_parser.cci(3203) free_all:
2014/03/06 17:30:09.541| Gadgets.cc(245) aclDestroyAcls: aclDestroyACLs: invoked
2014/03/06 17:30:09.541| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/06 17:30:09.541| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.541| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certHasExpired'
2014/03/06 17:30:09.541| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.541| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certHasExpired'
2014/03/06 17:30:09.541| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/06 17:30:09.541| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074d0
2014/03/06 17:30:09.541| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/06 17:30:09.541| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.541| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certNotYetValid'
2014/03/06 17:30:09.541| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.541| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certNotYetValid'
2014/03/06 17:30:09.541| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074f0
2014/03/06 17:30:09.542| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/06 17:30:09.542| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.542| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certDomainMismatch'
2014/03/06 17:30:09.542| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.542| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certDomainMismatch'
2014/03/06 17:30:09.542| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07510
2014/03/06 17:30:09.542| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/06 17:30:09.542| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.542| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certUntrusted'
2014/03/06 17:30:09.542| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.542| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certUntrusted'
2014/03/06 17:30:09.542| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07530
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07550
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07570
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07590
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075b0
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075d0
2014/03/06 17:30:09.542| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/06 17:30:09.542| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.542| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certSelfSigned'
2014/03/06 17:30:09.542| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.542| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certSelfSigned'
2014/03/06 17:30:09.542| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/06 17:30:09.542| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075f0
2014/03/06 17:30:09.542| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/06 17:30:09.542| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.542| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/06 17:30:09.542| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.542| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'all'
2014/03/06 17:30:09.542| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/06 17:30:09.542| Ip.cc(260) FactoryParse: aclIpParseIpData: all
2014/03/06 17:30:09.542| Ip.cc(264) FactoryParse: aclIpParseIpData: magic 'all' found.
2014/03/06 17:30:09.542| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type url_regex
2014/03/06 17:30:09.542| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.542| Acl.cc(61) FindByName: ACL::FindByName 'manager'
2014/03/06 17:30:09.542| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.542| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'manager'
2014/03/06 17:30:09.542| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'url_regex'
2014/03/06 17:30:09.542| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file
2014/03/06 17:30:09.542| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '-i'
2014/03/06 17:30:09.543| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^cache_object://'
2014/03/06 17:30:09.543| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '+i'
2014/03/06 17:30:09.543| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^https?://[^/]+/squid-internal-mgr/'
2014/03/06 17:30:09.543| RegexData.cc(214) compileOptimisedREs: compileOptimisedREs: -i
2014/03/06 17:30:09.543| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^cache_object://'
2014/03/06 17:30:09.543| RegexData.cc(228) compileOptimisedREs: compileOptimisedREs: +i
2014/03/06 17:30:09.543| RegexData.cc(173) compileRE: compileRE: compiled '(^cache_object://)' with flags 7
2014/03/06 17:30:09.543| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^https?://[^/]+/squid-internal-mgr/'
2014/03/06 17:30:09.543| RegexData.cc(173) compileRE: compileRE: compiled '(^https?://[^/]+/squid-internal-mgr/)' with flags 5
2014/03/06 17:30:09.543| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 2 REs are optimised into one RE.
2014/03/06 17:30:09.543| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/06 17:30:09.543| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.543| Acl.cc(61) FindByName: ACL::FindByName 'localhost'
2014/03/06 17:30:09.543| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.543| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'localhost'
2014/03/06 17:30:09.543| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/06 17:30:09.543| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.1/32
2014/03/06 17:30:09.543| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.1/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/06 17:30:09.543| Ip.cc(500) FactoryParse: Parsed: 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2014/03/06 17:30:09.543| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1
2014/03/06 17:30:09.543| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1
2014/03/06 17:30:09.543| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]'
2014/03/06 17:30:09.543| Ip.cc(446) FactoryParse: ::1 --> [::1]
2014/03/06 17:30:09.543| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/06 17:30:09.543| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/06 17:30:09.543| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.1/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.1)  vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/06 17:30:09.543| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1])  vs 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/06 17:30:09.543| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type dst
2014/03/06 17:30:09.543| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/06 17:30:09.543| Acl.cc(61) FindByName: ACL::FindByName 'to_localhost'
2014/03/06 17:30:09.543| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/06 17:30:09.543| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'to_localhost'
2014/03/06 17:30:09.543| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'dst'
2014/03/06 17:30:09.543| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.0/8
2014/03/06 17:30:09.543| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.0/8' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/06 17:30:09.543| Ip.cc(500) FactoryParse: Parsed: 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0](/104)
2014/03/06 17:30:09.544| Ip.cc(260) FactoryParse: aclIpParseIpData: 0.0.0.0/32
2014/03/06 17:30:09.544| Ip.cc(368) FactoryParse: aclIpParseIpData: '0.0.0.0/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/06 17:30:09.544| Ip.cc(500) FactoryParse: Parsed: 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2014/03/06 17:30:09.544| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.0)  vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/06 17:30:09.544| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0] (0.0.0.0)  vs 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0]
2014/03/06 17:30:09.544| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1
2014/03/06 17:30:09.544| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1
2014/03/06 17:30:09.544| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]'
2014/03/06 17:30:09.544| Ip.cc(446) FactoryParse: ::1 --> [::1]
2014/03/06 17:30:09.544| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/06 17:30:09.544| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/06 17:30:09.544| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (0.0.0.0)  vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/06 17:30:09.544| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1])  vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/06 17:30:09.544| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/03/06 17:30:09.545| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 10.1.1.1:3128
2014/03/06 17:30:09.545| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66210
2014/03/06 17:30:09.545| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 10.1.1.1 --> 10.1.1.1:3128
2014/03/06 17:30:09.545| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66210=1
2014/03/06 17:30:09.545| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 127.0.0.1:3128 intercept
2014/03/06 17:30:09.545| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66310
2014/03/06 17:30:09.545| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 127.0.0.1 --> 127.0.0.1:3128
2014/03/06 17:30:09.545| Starting Authentication on port 127.0.0.1:3128
2014/03/06 17:30:09.545| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2014/03/06 17:30:09.545| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
2014/03/06 17:30:09.545| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66310=1
2014/03/06 17:30:09.545| cache_cf.cc(557) parseOneConfigFile: Processing: https_port 127.0.0.1:3127 intercept
2014/03/06 17:30:09.545| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66410
2014/03/06 17:30:09.545| cache_cf.cc(3551) parsePortSpecification: https_port: Listen on Host/IP: 127.0.0.1 --> 127.0.0.1:3127
2014/03/06 17:30:09.545| Starting Authentication on port 127.0.0.1:3127
2014/03/06 17:30:09.545| Disabling Authentication on port 127.0.0.1:3127 (interception enabled)
2014/03/06 17:30:09.545| Disabling IPv6 on port 127.0.0.1:3127 (interception enabled)
2014/03/06 17:30:09.545| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing.
2014/03/06 17:30:09.545| tools.cc(597) leave_suid: leave_suid: PID 24311 called
2014/03/06 17:30:09.546| tools.cc(619) leave_suid: leave_suid: PID 24311 giving up root, becoming 'squid'
FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3127 intercept
Squid Cache (Version 3.3.10): Terminated abnormally.
CPU Usage: 0.012 seconds = 0.000 user + 0.012 sys
Maximum Resident Size: 23008 KB
Page faults with physical i/o: 0
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.546| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
2014/03/06 17:30:09.547| Acl.cc(364) ~ACL: ACL::~ACL: '
                1 Reply Last reply Reply Quote 0
                • E
                  exograpix
                  last edited by

                  This is the strange behavior, I am facing too, you have to go to web interface and than proxy server and press save button, after 10 second everything is back to normal and clam and squidguard start working.

                  There is a bug, please look into the matter..

                  Regards

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    @exograpix:

                    This is the strange behavior, I am facing too, you have to go to web interface and than proxy server and press save button, after 10 second everything is back to normal and clam and squidguard start working.

                    To avoid startup "freeze" on squid service, I had to change squid sub processes (clamav, icap) startup to background.

                    Do you have erros on logs before this manual config save?

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • marcellocM
                      marcelloc
                      last edited by

                      @Eduardo:

                      Hi Marcello we're almost done…

                      
FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3127 intercept
Squid Cache (Version 3.3.10): Terminated abnormally.

                      Does it happen on all squid startup?

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      1 Reply Last reply Reply Quote 0
                      • E
                        eduardogoncalves
                        last edited by

                        Hi,
                        with "HTTPS/SSL interception" disabled I can start squid and everything works.

                        But on reboot squid still hangs on boot "pw: no such user 'clamav", though it's running (all services start automatically)…

                        
[2.1-RELEASE][admin@pfSense.novanis.srv.br]/root(199): squid -NsXY
2014/03/07 10:47:10.008| debug.cc(424) parseOptions: command-line -X overrides: ALL,7
2014/03/07 10:47:10.008| cache_manager.cc(102) registerProfile: registering legacy mem
2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: mem
2014/03/07 10:47:10.008| cache_manager.cc(102) registerProfile: registering legacy squidaio_counts
2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: squidaio_counts
2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: diskd
2014/03/07 10:47:10.008| rock/RockStoreFileSystem.cc(44) setup: Will use Rock FS
2014/03/07 10:47:10.008| Startup: Initializing Authentication Schemes ...
2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'basic'
2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'digest'
2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'negotiate'
2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'ntlm'
2014/03/07 10:47:10.008| Startup: Initialized Authentication.
2014/03/07 10:47:10.008| tools.cc(69) ProbeTransport: Detected IPv6 hybrid or v4-mapping stack...
2014/03/07 10:47:10.008| tools.cc(83) ProbeTransport: IPv6 transport Enabled
2014/03/07 10:47:10.008| Config.cc(39) registerTokens:  register format tokens for 'adapt'
2014/03/07 10:47:10.008| Config.cc(39) registerTokens:  register format tokens for 'icap'
2014/03/07 10:47:10.009| Config.cc(39) registerTokens:  register format tokens for 'ssl'
2014/03/07 10:47:10.009| cache_cf.cc(609) parseConfigFile:
2014/03/07 10:47:10.009| cf_parser.cci(3203) free_all:
2014/03/07 10:47:10.009| Gadgets.cc(245) aclDestroyAcls: aclDestroyACLs: invoked
2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certHasExpired'
2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certHasExpired'
2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074d0
2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certNotYetValid'
2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certNotYetValid'
2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074f0
2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certDomainMismatch'
2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certDomainMismatch'
2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07510
2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certUntrusted'
2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certUntrusted'
2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07530
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07550
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07570
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07590
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075b0
2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075d0
2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error
2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certSelfSigned'
2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certSelfSigned'
2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error'
2014/03/07 10:47:10.010| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075f0
2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'all'
2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/07 10:47:10.010| Ip.cc(260) FactoryParse: aclIpParseIpData: all
2014/03/07 10:47:10.010| Ip.cc(264) FactoryParse: aclIpParseIpData: magic 'all' found.
2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type url_regex
2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'manager'
2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'manager'
2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'url_regex'
2014/03/07 10:47:10.010| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file
2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '-i'
2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^cache_object://'
2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '+i'
2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^https?://[^/]+/squid-internal-mgr/'
2014/03/07 10:47:10.010| RegexData.cc(214) compileOptimisedREs: compileOptimisedREs: -i
2014/03/07 10:47:10.010| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^cache_object://'
2014/03/07 10:47:10.010| RegexData.cc(228) compileOptimisedREs: compileOptimisedREs: +i
2014/03/07 10:47:10.010| RegexData.cc(173) compileRE: compileRE: compiled '(^cache_object://)' with flags 7
2014/03/07 10:47:10.010| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^https?://[^/]+/squid-internal-mgr/'
2014/03/07 10:47:10.010| RegexData.cc(173) compileRE: compileRE: compiled '(^https?://[^/]+/squid-internal-mgr/)' with flags 5
2014/03/07 10:47:10.010| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 2 REs are optimised into one RE.
2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'localhost'
2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'localhost'
2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/07 10:47:10.010| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.1/32
2014/03/07 10:47:10.010| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.1/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1
2014/03/07 10:47:10.011| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1
2014/03/07 10:47:10.011| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]'
2014/03/07 10:47:10.011| Ip.cc(446) FactoryParse: ::1 --> [::1]
2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.1/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.1)  vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1])  vs 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/07 10:47:10.011| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type dst
2014/03/07 10:47:10.011| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.011| Acl.cc(61) FindByName: ACL::FindByName 'to_localhost'
2014/03/07 10:47:10.011| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.011| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'to_localhost'
2014/03/07 10:47:10.011| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'dst'
2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.0/8
2014/03/07 10:47:10.011| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.0/8' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0](/104)
2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: 0.0.0.0/32
2014/03/07 10:47:10.011| Ip.cc(368) FactoryParse: aclIpParseIpData: '0.0.0.0/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.0)  vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0] (0.0.0.0)  vs 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0]
2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1
2014/03/07 10:47:10.011| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1
2014/03/07 10:47:10.011| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]'
2014/03/07 10:47:10.011| Ip.cc(446) FactoryParse: ::1 --> [::1]
2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped.
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (0.0.0.0)  vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1])  vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/03/07 10:47:10.011| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0)
2014/03/07 10:47:10.012| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 10.1.1.1:3128
2014/03/07 10:47:10.012| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66210
2014/03/07 10:47:10.012| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 10.1.1.1 --> 10.1.1.1:3128
2014/03/07 10:47:10.012| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66210=1
2014/03/07 10:47:10.012| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 127.0.0.1:3128 intercept
2014/03/07 10:47:10.012| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66310
2014/03/07 10:47:10.012| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 127.0.0.1 --> 127.0.0.1:3128
2014/03/07 10:47:10.012| Starting Authentication on port 127.0.0.1:3128
2014/03/07 10:47:10.012| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2014/03/07 10:47:10.012| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled)
2014/03/07 10:47:10.013| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66310=1
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: icp_port 7
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: dns_v4_first off
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: pid_filename /var/run/squid.pid
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_effective_user proxy
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_effective_group proxy
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: error_default_language en
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: icon_directory /usr/pbi/squid-i386/etc/squid/icons
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: visible_hostname localhost
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_mgr admin@localhost
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: access_log /dev/null
2014/03/07 10:47:10.013| cache_cf.cc(4042) parse_access_log: Log definition name 'squid' file '/dev/null'
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_log /var/squid/logs/cache.log
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_store_log none
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: logfile_rotate 0
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: shutdown_lifetime 3 seconds
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: acl localnet src  10.1.1.0/24
2014/03/07 10:47:10.013| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/07 10:47:10.013| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.013| Acl.cc(61) FindByName: ACL::FindByName 'localnet'
2014/03/07 10:47:10.013| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.013| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'localnet'
2014/03/07 10:47:10.013| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/07 10:47:10.013| Ip.cc(260) FactoryParse: aclIpParseIpData: 10.1.1.0/24
2014/03/07 10:47:10.013| Ip.cc(368) FactoryParse: aclIpParseIpData: '10.1.1.0/24' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2014/03/07 10:47:10.013| Ip.cc(500) FactoryParse: Parsed: 10.1.1.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00](/120)
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: uri_whitespace strip
2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: acl dynamic urlpath_regex cgi-bin \?
2014/03/07 10:47:10.013| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type urlpath_regex
2014/03/07 10:47:10.013| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.013| Acl.cc(61) FindByName: ACL::FindByName 'dynamic'
2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'dynamic'
2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'urlpath_regex'
2014/03/07 10:47:10.014| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file
2014/03/07 10:47:10.014| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE 'cgi-bin'
2014/03/07 10:47:10.014| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '\?'
2014/03/07 10:47:10.014| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE 'cgi-bin'
2014/03/07 10:47:10.014| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '\?'
2014/03/07 10:47:10.014| RegexData.cc(173) compileRE: compileRE: compiled '(cgi-bin)|(\?)' with flags 5
2014/03/07 10:47:10.014| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 2 REs are optimised into one RE.
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache deny dynamic
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64440
2014/03/07 10:47:10.014| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'dynamic'
2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'dynamic'
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache_mem 8 MB
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: maximum_object_size_in_memory 32 KB
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: memory_replacement_policy heap GDSF
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache_replacement_policy heap LFUDA
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: minimum_object_size 0 KB
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: maximum_object_size 10 KB
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: offline_mode off
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache allow all
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b644a0
2014/03/07 10:47:10.014| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl allsrc src all
2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src
2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'allsrc'
2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'allsrc'
2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src'
2014/03/07 10:47:10.014| Ip.cc(260) FactoryParse: aclIpParseIpData: all
2014/03/07 10:47:10.014| Ip.cc(264) FactoryParse: aclIpParseIpData: magic 'all' found.
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type port
2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'safeports'
2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'safeports'
2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'port'
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b077b0
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07830
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07850
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07870
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07890
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078b0
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078d0
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078f0
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07910
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07930
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07950
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07970
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07990
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b079b0
2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b079d0
2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl sslports port 443 563
2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type port
2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'sslports'
2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'sslports'
2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'port'
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07a30
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07a50
2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl purge method PURGE
2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type method
2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'purge'
2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'purge'
2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'method'
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64530
2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl connect method CONNECT
2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type method
2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'connect'
2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'connect'
2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'method'
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64560
2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl HTTP proto HTTP
2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type proto
2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'HTTP'
2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'HTTP'
2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'proto'
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07b10
2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl HTTPS proto HTTPS
2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type proto
2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'HTTPS'
2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'HTTPS'
2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'proto'
2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07b50
2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type dstdom_regex
2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered:    yes
2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'blacklist'
2014/03/07 10:47:10.016| Acl.cc(67) FindByName: ACL::FindByName found no match
2014/03/07 10:47:10.016| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'blacklist'
2014/03/07 10:47:10.016| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'dstdom_regex'
2014/03/07 10:47:10.016| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file
2014/03/07 10:47:10.016| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '-i'
2014/03/07 10:47:10.016| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE 'facebook.com'
2014/03/07 10:47:10.016| RegexData.cc(214) compileOptimisedREs: compileOptimisedREs: -i
2014/03/07 10:47:10.016| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE 'facebook.com'
2014/03/07 10:47:10.016| RegexData.cc(173) compileRE: compileRE: compiled '(facebook.com)' with flags 7
2014/03/07 10:47:10.016| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 1 REs are optimised into one RE.
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow manager localhost
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64590
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'manager'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'manager'
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localhost'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'localhost'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny manager
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64500
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'manager'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'manager'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow purge localhost
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64620
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'purge'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'purge'
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localhost'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'localhost'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny purge
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b645f0
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'purge'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'purge'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny !safeports
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64680
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'safeports'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'safeports'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny CONNECT !sslports
2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b646e0
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'CONNECT'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'CONNECT'
2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'sslports'
2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'sslports'
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: request_body_max_size 0 KB
2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: delay_pools 1
2014/03/07 10:47:10.017| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds
2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_class 1 2
2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_parameters 1 -1/-1 -1/-1
2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_initial_bucket_level 100
2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_access 1 allow allsrc
2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b646b0
2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'allsrc'
2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'allsrc'
2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny blacklist
2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64740
2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'blacklist'
2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'blacklist'
2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow localnet
2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64770
2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localnet'
2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'localnet'
2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny allsrc
2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b647a0
2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'allsrc'
2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'allsrc'
2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: icap_enable on
2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: icap_send_client_ip on
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_send_client_username on
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_client_username_encode off
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_client_username_header X-Authenticated-User
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_preview_enable on
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_preview_size 1024
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2014/03/07 10:47:10.019| ServiceConfig.cc(174) grokUri: /usr/pbi/squid-i386/etc/squid/squid.conf:103: service protocol is icap
2014/03/07 10:47:10.019| ServiceConfig.cc(148) parse: /usr/pbi/squid-i386/etc/squid/squid.conf:103: adaptation_service service_req REQMOD_PRECACHE 00 icap://127.0.0.1:1344/squidclamav
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2014/03/07 10:47:10.019| ServiceConfig.cc(174) grokUri: /usr/pbi/squid-i386/etc/squid/squid.conf:104: service protocol is icap
2014/03/07 10:47:10.019| ServiceConfig.cc(148) parse: /usr/pbi/squid-i386/etc/squid/squid.conf:104: adaptation_service service_resp RESPMOD_PRECACHE 00 icap://127.0.0.1:1344/squidclamav
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: adaptation_access service_req allow all
2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64a10
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: adaptation_access service_resp allow all
2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64aa0
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b649b0
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.019| wccp2.cc(533) wccp2_add_service_list: wccp2_add_service_list: added service id 0
2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64b00
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'ssl::certUntrusted'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certUntrusted'
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'ssl::certSelfSigned'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certSelfSigned'
2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all'
2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all'
2014/03/07 10:47:10.020| tools.cc(585) uniqueHostname:  Config: '
2014/03/07 10:47:10.020| tools.cc(585) uniqueHostname:  Config: '
2014/03/07 10:47:10.020| Initializing https proxy context
2014/03/07 10:47:10.021| support.cc(1000) sslCreateClientContext: Using SSLv2/SSLv3.
2014/03/07 10:47:10.021| support.cc(1052) sslCreateClientContext: Setting RSA key generation callback.
2014/03/07 10:47:10.021| support.cc(1059) sslCreateClientContext: Setting certificate verification callback.
2014/03/07 10:47:10.021| support.cc(1063) sslCreateClientContext: Setting CA certificate locations.
2014/03/07 10:47:10.021| tools.cc(597) leave_suid: leave_suid: PID 5747 called
2014/03/07 10:47:10.021| tools.cc(619) leave_suid: leave_suid: PID 5747 giving up root, becoming 'proxy'
2014/03/07 10:47:10.021| debug.cc(424) parseOptions: command-line -X overrides: ALL,1
                        1 Reply Last reply Reply Quote 0
                        • E
                          exograpix
                          last edited by

                          Neither squidguard nor antivirus start at the start up, I have to login and manually save squid setting, than voila it works, please see my log of startup and after I click save in squid.

                          error1.txt

                          1 Reply Last reply Reply Quote 0
                          • U
                            usabug
                            last edited by

                            Can anyone please inform me why when i enable the antivirus then i cannot serf the web ?

                            The following error appears :

                            ==========quote============

                            ERROR in the browser
                            The following error was encountered while trying to retrieve the URL:
                            http://google.com
                                ICAP protocol error.

                            The system returned: [No Error]

                            This means that some aspect of the ICAP communication failed.

                            Some possible problems are:

                            *

                            The ICAP server is not reachable.
                                *

                            An Illegal response was received from the ICAP server.

                            ==================unquote =====================

                            If i run the client to the console

                            /usr/local/bin/c-icap-client
                            ICAP server:localhost, ip:127.0.0.1, port:1344

                            OPTIONS:
                                    Allow 204: Yes
                                    Preview: 1024
                                    Keep alive: Yes

                            ICAP HEADERS:
                                    ICAP/1.0 200 OK:
                                    Methods:RESPMOD, REQMOD
                                    Service:C-ICAP/0.2.5 server - Echo demo service
                                    ISTag:CI0001-XXXXXXXXX
                                    Transfer-Preview:*
                                    Options-TTL:3600
                                    Date:Tue, 11 Mar 2014 13:54:59 GMT
                                    Preview:1024
                                    Allow:204
                                    X-Include:X-Authenticated-User, X-Authenticated-Groups
                                    Encapsulated:null-body=0

                            and all the services seems that are running .

                            I look forward for your responses .

                            1 Reply Last reply Reply Quote 0
                            • marcellocM
                              marcelloc
                              last edited by

                              usabug, can you try with pfsense 32 bits?

                              Treinamentos de Elite: http://sys-squad.com

                              Help a community developer! ;D

                              1 Reply Last reply Reply Quote 0
                              • U
                                usabug
                                last edited by

                                @marcelloc:

                                usabug, can you try with pfsense 32 bits?

                                Dear Marcelloc ,

                                I can try but if i use 32 bit operating system then i can only use only 4GB ram .

                                The server right now has onboard 16G ram .

                                If i use the 32 bit operating system i have to install a kernel with Physical address extension , witch these solution is not an option cause it makes too much crushes .

                                But if you want me to do it just for test , i can do it

                                1 Reply Last reply Reply Quote 0
                                • O
                                  Oliver_
                                  last edited by

                                  First i want to thank you guys for your work  @ Eduardo Gonçalves & marcelloc

                                  How can we help you with your work? Tomorrow my Testing-System should be running again and i have a little time for testing!

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    @Oliver_:

                                    How can we help you with your work?

                                    The problem is that c-icap is crashing when called by squid. you can check it on squid logs.

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • belleraB
                                      bellera
                                      last edited by

                                      Working with squid3-devel in non-transparent mode, in transparent mode for http but when I activated transparent mode for https doesn't work.

                                      Here is my /var/log/system.log

                                      Mar 13 20:47:24 fw2 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Mar 13 20:47:24 fw2 php: /pkg_edit.php: Reloading Squid for configuration sync
Mar 13 20:47:24 fw2 check_reload_status: Reloading filter
Mar 13 20:47:25 fw2 check_reload_status: Syncing firewall
Mar 13 20:47:25 fw2 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no
Mar 13 20:47:25 fw2 php: /pkg_edit.php: Reloading Squid for configuration sync
Mar 13 20:47:25 fw2 squid: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept 
Mar 13 20:47:25 fw2 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2014/03/13 20:47:25| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Squid Cache (Version 3.3.10): Terminated abnormally. CPU Usage: 0.008 seconds = 0.008 user + 0.000 sys Maximum Resident Size: 28544 KB Page faults with physical i/o: 0'

                                      Similar problem and clamav is not yet activated. I'm implementing squid3-devel step-by-step…

                                      I tried stop/start squid and same result.

                                      FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Squid Cache (Version 3.3.10): Terminated abnormally.

                                      1 Reply Last reply Reply Quote 0
                                      • belleraB
                                        bellera
                                        last edited by

                                        My system is 32 bit…

                                        Differences in squid.conf when applying for transparent SSL mode:

                                        diff squid.conf_transparent.txt squid.conf_transparent_ssl.txt 
4,5c4,6
< http_port 192.168.1.1:3128
< http_port 127.0.0.1:3128 intercept
---
> http_port 192.168.1.1:3128 
> http_port 127.0.0.1:3128 intercept 
> https_port 127.0.0.1:3129 intercept 
87a89,90
> always_direct allow all
> ssl_bump server-first all
                                        1 Reply Last reply Reply Quote 0
                                        • belleraB
                                          bellera
                                          last edited by

                                          Working, but…

                                          Must I create my own CA?

                                          Can I use an "official" CA or not?

                                          diff squid.conf_transparent_ssl.txt squid.conf_transparent_ssl_myself.txt 
4,6c4,9
< http_port 192.168.1.1:3128 
< http_port 127.0.0.1:3128 intercept 
< https_port 127.0.0.1:3129 intercept 
---
> http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
> 
> http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
> 
> https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/
> 
18a22,25
> sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
> sslcrtd_children 5
> sslproxy_capath /usr/pbi/squid-i386/share/certs/
> sslproxy_cert_adapt setCommonName all

                                          I will like not do do this:

                                          Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.

                                          Could be, in fact, impossible. A lot of BYOD (http://en.wikipedia.org/wiki/Bring_your_own_device)…

                                          1 Reply Last reply Reply Quote 0
                                          • O
                                            Oliver_
                                            last edited by

                                            Yes you must create your own ca! I think it is not possible to use an "official" CA, because you are using a Man-In-The-Middle Attack to fetch and control https traffic.
                                            Of course every https filter will use a MITM-attack so the client must have a trusted wildcard cert of the controling unit.

                                            A Solution can be to have a non transparent SSL-Proxy and only devices that are under your control are forced to use Proxy.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.