SquidGuard 1.9.18 crashing

aGeekhere

I get the same error with

squidclient -h LAN_IP_ADDRESS -p 3128 mgr:info

But it does not affect squid or squidguard, so don't know.

doktornotor

Do NOT use LAN_IP, use 127.0.0.1

squidclient -h 127.0.0.1 -p 3128 mgr:info

josey

i did, before posting (updating topic)
tried with localhost and with 127.0.0.1

$ squidclient -h 127.0.0.1 -p 3128 mgr:info
client: ERROR: Cannot connect to 127.0.0.1:3128: Operation timed out

doktornotor

Then make Squid listen on loopback.

josey

finally

squidclient -h 127.0.0.1 -p 3128 mgr:info

do the trick

from "broken" machine, but everything looks fine :(

$ squidclient -h 127.0.0.1 -p 3128 mgr:info
Sending HTTP request … done.
HTTP/1.1 200 OK
Server: squid
Mime-Version: 1.0
Date: Wed, 09 Dec 2015 11:14:42 GMT
Content-Type: text/plain
Expires: Wed, 09 Dec 2015 11:14:42 GMT
Last-Modified: Wed, 09 Dec 2015 11:14:42 GMT
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid)
Connection: close

Squid Object Cache: Version 3.4.10
Build Info:
Start Time: Thu, 03 Dec 2015 09:42:00 GMT
Current Time: Wed, 09 Dec 2015 11:14:42 GMT
Connection information for squid:
Number of clients accessing cache: 71
Number of HTTP requests received: 316414
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 36.2
Average ICP messages per minute since start: 0.0
Select loop called: 22462701 times, 23.326 ms avg
Cache information for squid:
Hits as % of all requests: 5min: 9.7%, 60min: 12.7%
Hits as % of bytes sent: 5min: 0.8%, 60min: 2.9%
Memory hits as % of hit requests: 5min: 28.7%, 60min: 17.4%
Disk hits as % of hit requests: 5min: 5.7%, 60min: 10.1%
Storage Swap size: 2750244 KB
Storage Swap capacity: 1.3% used, 98.7% free
Storage Mem size: 64592 KB
Storage Mem capacity: 98.6% used,  1.4% free
Mean Object Size: 25.29 KB
Requests given to unlinkd: 8463
Median Service Times (seconds)  5 min    60 min:
HTTP Requests (All):  0.10281  0.12783
Cache Misses:          0.28853  0.18699
Cache Hits:            0.00000  0.00000
Near Hits:            0.00286  0.10857
Not-Modified Replies:  0.00000  0.00000
DNS Lookups:          0.08334  0.06963
ICP Queries:          0.00000  0.00000
Resource usage for squid:
UP Time: 523961.789 seconds
CPU Time: 961.271 seconds
CPU Usage: 0.18%
CPU Usage, 5 minute avg: 1.89%
CPU Usage, 60 minute avg: 0.96%
Maximum Resident Size: 1006864 KB
Page faults with physical i/o: 0
Memory accounted for:
Total accounted:      106905 KB
memPoolAlloc calls:  67766971
memPoolFree calls:  69055066
File descriptor usage for squid:
Maximum number of file descriptors:  116910
Largest file desc currently in use:    363
Number of file desc currently in use:  111
Files queued for open:                  0
Available number of file descriptors: 116799
Reserved number of file descriptors:  100
Store Disk files open:                  0
Internal Data Structures:
108796 StoreEntries
13048 StoreEntries with MemObjects
13045 Hot Object Cache Items
108741 on-disk objects

KOM

Nothing too bad here.  You say that squid & squidguard seem to be working now?

josey

posted mgr:info is from 2.2.5 machine that crashes after squidguard is enabled.

i have 2 identical pfs machines,
one is up and running without squidguard, and second one is for testing, and second one is now working fine squidguard is up and running.

KOM

I don't remember if we told you that squidguard needs at least one Target Category or it will not be happy.

josey

yes i know that ;)
im crazy in past few days, spent hours and hours trying to get this working.
everything worked perfectly until i made update :(
i will swap this two pfs machines and try to make clean install on first one and see how things work then.

thanks

josey

update
format HDD in second machine - which was freezing after enabling squidguard
make fresh install of PFS 2.2.5
restore conf file,
start squit….
and, everything works.
Great! perfect, it seems all my problems are gone.
Think again,
after i upload blacklist

www.shallalist.de/Downloads/shallalist.tar.gz

and enable it, squid and squidguard stopped running again.
It seems that this problems are caused by blacklist.

oh, yes
running

squidclient -h 127.0.0.1 -p 3128 mgr:info

return this

Sending HTTP request … done.
Alarm clock

im going to pull my hair out :(

KOM

Anything in /var/squidGuard/log/squidGuard.log?

josey

i gave up,
format hdd
reinstall PFS,
restore config file

delete all data regarding squidguard
reinstall squidguard
made new target categories
made new groups acl
upload blacklist

and for now its working.

(now i have some problems with firewall, the second rule in the order run over first, i will test that later, im in the middle of WPAD + SQUID now )

will test it for few days and let you know.

aGeekhere

if using Proxy Interface(s) = lan
I get

squidclient -h 127.0.0.1 -p 3128 mgr:info
Sending HTTP request ... done.

if using Proxy Interface(s) = loopback
I get

/root: squidclient -h 127.0.0.1 -p 3128 mgr:info
Sending HTTP request ... done.
HTTP/1.1 403 Forbidden
Expires: Wed, 23 Dec 2015 01:00:46 GMT
Cache-Control: max-age=180000
Content-Type: text/html
Date: Sun, 20 Dec 2015 23:00:46 GMT
Server: lighttpd/1.4.37
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/3.4.10)
Connection: close

### Request denied by pfSense proxy: 403 Forbidden

 **Reason:** 

* * *

 **Client address:** 127.0.0.1 

 **Client name:** localhost 

 **Client group:** default 

 **Target group:** in-addr 

 **URL:** cache_object://127.0.0.1/info127.0.0.1/localhost-GET <b   ="" r="">* * *</b > 

maybe it is just my apu1d4 or i am missing something (squid is running fine).

KOM

Do you have your LAN IP and loopback in the External cache managers field?

aGeekhere

no, just a apu1d4 which i installed pfsense to.

KOM

/root: squidclient -h 127.0.0.1 -p 3128 mgr:info
Sending HTTP request … done.
HTTP/1.1 403 Forbidden

You have to have your LAN IP address and loopback in that field or the squidclient command will fail on an access check, I believe.

aGeekhere

Proxy Server: General Settings Proxy Interface(s) = changed to loopback

result

squidclient -h 192.168.1.1 -p 3128 mgr:info
Sending HTTP request ... done.
Alarm clock

net goes down
Proxy Server: General Settings Proxy Interface(s) = changed back to lan

KOM

What?  You're saying that by changing the External cache-mgr field, your network goes down???

aGeekhere

You're saying that by changing the External cache-mgr field, your network goes down

no, if i make Squid listen on loopback then it goes down. so i set it back to lan.

I think I am completely confused here.

The first command that was suggested to run was

squidclient -h LAN_IP_ADDRESS -p 3128 mgr:info  

so that would be

squidclient -h 192.168.1.1 -p 3128 mgr:info  

which resulted to this error

1.1 -p 3128 mgr:info
Sending HTTP request ... done.
HTTP/1.1 403 Forbidden
Server: squid/3.4.10
Mime-Version: 1.0
Date: Mon, 21 Dec 2015 22:32:44 GMT
Content-Type: text/html
Content-Length: 3094
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost
X-Cache-Lookup: NONE from localhost:3128
Via: 1.1 localhost (squid/3.4.10)
Connection: close

<title>ERROR: The requested URL could not be retrieved</title>

# ERROR

## The requested URL could not be retrieved

* * *

The following error was encountered while trying to retrieve the URL: [cache_object://192.168.1.1/info](cache_object://192.168.1.1/info)

> **Access Denied.**

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is [admin@localhost](mailto:admin@localhost?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIED&body=CacheHost%3A%20localhost%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Mon,%2021%20Dec%202015%2022%3A32%3A44%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.1%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHost%3A%20192.168.1.1%0D%0AUser-Agent%3A%20squidclient%2F3.4.10%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0D%0A).

* * *

Generated Mon, 21 Dec 2015 22:32:44 GMT by localhost (squid/3.4.10)

Then it was said NOT use LAN_IP, use 127.0.0.1
So I then used

squidclient -h 127.0.0.1 -p 3128 mgr:info  

result

Sending HTTP request ... done.
Alarm clock

if I try making squid listen on loopback I get.

Sending HTTP request ... done.
HTTP/1.1 403 Forbidden
Expires: Wed, 23 Dec 2015 01:00:46 GMT
Cache-Control: max-age=180000
Content-Type: text/html
Date: Sun, 20 Dec 2015 23:00:46 GMT
Server: lighttpd/1.4.37
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.1 localhost (squid/3.4.10)
Connection: close

### Request denied by pfSense proxy: 403 Forbidden

 **Reason:** 

* * *

 **Client address:** 127.0.0.1 

 **Client name:** localhost 

 **Client group:** default 

 **Target group:** in-addr 

 **URL:** cache_object://127.0.0.1/info127.0.0.1/localhost-GET <b   ="" r="">* * *</b > 

and the net goes down

So using squidclient -h iphere -p 3128 mgr:info
does not work for me, however squid runs fine.

doktornotor

@aGeekHere:

Then it was said NOT use LAN_IP, use 127.0.0.1

No. No such thing has ever been said. You were told to make Squid listen on loopback in addition to whatever other interface in case you insist on messing with similar cache managers shit (because that's the only interface allowed by ACLs by default).

That's all there's to it.

@aGeekHere:

I think I am completely confused here.

Yeah. Definitely. Way over your head. Just leave the proxy stuff alone and move on.