[SOLVED ]Squid 0.4.44_25 / assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)

CaliPilot

Also:

if you are using SquidGuard, disable "Clean Advertising" when you PFsense-GUI is running on HTTPS. Squidguard is replacing advertisings with a pixel which is loaded from the PFsense box like "http://[IP of your box]/sgerror.php...

This breaks HTTPS and if your WEBif is running on a non-standard port nginx is reporting errors in your system log.

Chris

viktor_g

@CaliPilot said in [SOLVED ]Squid 0.4.44_25 / assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd):

Squid

We used "Splice Whitelist, Bump otherwise" as MITM-Mode and had a bunch of domains listed in ACL/Whitelist area in the style like ".whatsapp.com". This almost never worked and when I took a look in the whitelist.acl-file it was empty. It was not really empty but all the lines starting with the . were not visible in vi. After we changes the domains to (^|.)whatsapp.com$ it looked like the files was much better working.

Thanks for the info, redmine issue created: https://redmine.pfsense.org/issues/10654

viktor_g

@CaliPilot said in [SOLVED ]Squid 0.4.44_25 / assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd):

We used "Splice Whitelist, Bump otherwise" as MITM-Mode and had a bunch of domains listed in ACL/Whitelist area in the style like ".whatsapp.com". This almost never worked and when I took a look in the whitelist.acl-file it was empty. It was not really empty but all the lines starting with the . were not visible in vi. After we changes the domains to (^|.)whatsapp.com$ it looked like the files was much better working.

Fixed in the latest Squid pkg
Please update

aGeekhere

@CaliPilot
Not sure if you have already read through this but here it is
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

to prevent these issue you need to use the following
WPAD (or manual set)
Transparent Proxy to catch http traffic the WPAD misses
SSL Man In the Middle Filtering SPLICE ALL catch https traffic the WPAD misses

CaliPilot

@aGeekhere Sorry for the late response. I have my setup now running for weeks without WPAD or anything like that and i have no issues. The key was to have solid DNS settings on PFsense, Windows DNS and on our clients and now it works like charm. Sometimes we see SSL-Errors on sites running on Akamai (or other CDNs) but only for a few minutes.

Chris

mdalacu

I have the same problem and it is driving me nuts. Every day when office hours begins, squid crashes with this error. On 2.4.4p3 suid was rock solid...:/
The only thing i could do from UI is to delete the cache and then squid starts, otherwise it will not start from services.
I have no DNS issues.

2020-07-31 08:46:56 [45559] loading dbfile /var/db/squidGuard/Misc/domains.db
2020-07-31 08:46:56 [45559] logfile not allowed in acl other than default
2020/07/31 09:02:56 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/07/31 09:02:56 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/07/31 09:02:56 kid1| Service Name: squid
2020-07-31 09:02:56 [53246] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log
2020-07-31 09:02:56 [53246] New setting: logdir: /var/squidGuard/log
2020-07-31 09:02:56 [53246] New setting: dbhome: /var/db/squidGuard
2020-07-31 09:02:56 [53246] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2020-07-31 09:02:56 [53246] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2020-07-31 09:02:56 [53246] init urllist /var/db/squidGuard/blk_blacklists_ads/urls

Jul 31 09:02:56 	kernel 		pid 43401 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:57 	kernel 		pid 52412 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:58 	kernel 		pid 55101 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:59 	kernel 		pid 58638 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:00 	kernel 		pid 61188 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:01 	kernel 		pid 63750 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:17 	Squid_Alarm 	68674 	Squid has exited. Reconfiguring filter.
Jul 31 09:03:17 	Squid_Alarm 	68975 	Attempting restart...
Jul 31 09:03:20 	Squid_Alarm 	71372 	Reconfiguring filter...
Jul 31 09:03:20 	check_reload_status 		Reloading filter
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules. 

Help please..

vijay7

@madalacu were you able to resolve this, I am started getting this issue, became a nightmare for me, please help

mdalacu

@vijay7 Try to update the squid package to the latest version and see...
For me the problem remains but squid threads are able to restart in the latest version.. so it is working...

vijay7

Tried that already, no difference, atleast twice a day squid service is stopping.

tobyswe

Hello all

This is absolutely NOT a solved problem. Someone should change this. I have several netgate devices with SQUID and SQUIDGARD installed. All of them has this problem. The SQUID service along with the SQUIDGARD service stops several times a day. I have been using SQUID /SQUIDGARD since 2015 . This problem started in 2019 after an upgrade. With the latest upgrade of Pfsense firmware and SQUID /SQUIDGARD it has become terrible. I have to manually start the services several times a day. For us using pfsense without SQUID is not an option and my staff is really questioning why we continue with netgate. The above solutions was not a solution for us. Its still the same.
The error message in SQUID logs
assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd):
Does anyone has any idea of this. I would hate for the first time in a very long time to be forced to go to other routers.

/Toby

mdalacu

Again last week was terrible for me..same problem...i was gessing sites and blindly blacklisted them trying to solve this problem...it's a never ending storry.
Very very annoying and time consuming!

viktor_g

Can you test it on the latest 2.5 snapshot?

vijay7

Finally, i have moved to standalone squid proxy, and I am not getting any issues in standalone, but we have another machine running pfsense and squid, same in my case as well, our company is asking about this issue, don't know why everyday morning 9 AM squid will be down, I had to put someone in a day to continuously monitor because even the watchdog is not able to start this.

viberua

My Squid also start crashing.
In Friday 13 :) evening Squid and SquidGuard services stopped working.
When i tried to run it from services - webpages was opening, but after few seconds Squid services stopped again.
I have rebooted server, but no luck - after few seconds Squid stop working and pages don't load.
Then i disabled MITM and Squid falling is stopped.
We are using 2.4.5-RELEASE-p1 of Pfsense and 0.4.44_35 Squid with 1.16.18_9 SquidGuard.
Where/which logs i should check for find what cause this crashing?

tobyswe

Now this morning the problem is really bad. Several times SQUID is stopping. We did not have any other choice then reinstalling our old Fortigate and pay the licenses for the proxy. Anyone heard of a solution of this issue ?
Someone mentioned to test a 2.5 snapshot. Maybe a bit risky in a production environment

viberua

Today enabled MITM mode. After 2 hours Squid is stop working. Which logs check?

aGeekhere

Is this issue fixed yet?

viktor_g

watch https://redmine.pfsense.org/issues/10608

viberua

This post is deleted!

Volnei

This post is deleted!