SquidGuard Group ACL not working

mdalacu

Hi guys! SquidGuard Group ACL stopped working for me, i presume after an pfsense update (the latest i think).
So the whitelist rules are not working, only the Common ACL applies.
Is anyone expirience the same problem?

This update (2.4.5_p1) also introduced squid stabillity problems for me..at least ones a day it crashes . I have to restart the whole FW in order for it to start again.
Thank you.

coffeelover

We are running a single pfsense vm with 600+ concurrent users and 30+ ldap based group acls. After applying a change, squids need a few minutes to work again.
This is our only issue at the moment.

The system now runs for about 2 weeks without reboot using 2.4.5p1, squid package 0.4.44_30 and squidguard package 1.16.18_6.

I think you have a (syntax) error or similar issue in your config.

The log tab will tell you, also you can test squidguard using the config from the command line.

http://www.squidguard.org/Doc/verify.html

mdalacu

Hi, i have checked using the verify command from the site.
The problem is that the ACL source is not identified, it is using a single IP..so it should not be difficult. The ACL should baypass blocking rule from default and allow acces...

2020-07-29 13:59:08 [6564] squidGuard 1.4 started (1596020348.432)
2020-07-29 13:59:08 [6564] squidGuard ready for requests (1596020348.443)
2020-07-29 13:59:08 [6564] no ACL matching source, using default
2020-07-29 13:59:08 [6564] Request(default/Webmail/-) http://www.yahoo.com 192.168.16.118/- - - REDIRECT
OK rewrite-url="http://vspfw.example.com:88/sgerror.php?url=403"
2020-07-29 13:59:08 [6564] squidGuard stopped (1596020348.444)

This is a sample from the config:

============================================================

SquidGuard configuration file

This file generated automaticly with SquidGuard configurator

(C)2006 Serg Dvoriancev

email: dv_serg@mail.ru

============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

src Allow_all_dest {
ip 192.168.16.118
}

Allowed access to file transfer sites

src Alow_FileSharing {
ip 192.168.16.106
}

Managing partners

src Management2 {
ip 192.168.16.118
log block.log
}
.....

If i enable in web console the Allow_alll_Dest ACL than it is woking just fine, the computer in case can access yahoo.
With allow all dest disabled and Management2 enabled it is not working.
First it has Allow all destionation and the last it has only Webmail allowed. This config was working just fine until a month or two. I have changed nothing beside the update...
Thank you again for your answer :-).

coffeelover

Can you post the corresponding acl for the Management2 src? Perhaps the complete squidGuard config?

mdalacu

This post is deleted!

coffeelover

The IP address 192.168.16.118 is listed in two group acls: Allow_all_dest and Management.
As long as this is the case, the group won't be assigned:

2020-07-29 14:26:37 [56101] squidGuard ready for requests (1596025597.929)
2020-07-29 14:26:37 [56101] no ACL matching source, using default
ERR
2020-07-29 14:26:37 [56101] squidGuard stopped (1596025597.930)

As soon as I change one entry, it works:

2020-07-29 14:27:08 [58266] squidGuard 1.4 started (1596025628.201)
2020-07-29 14:27:08 [58266] squidGuard ready for requests (1596025628.203)
ERR
2020-07-29 14:27:08 [58266] squidGuard stopped (1596025628.203)

mdalacu

@coffeelover I will test this imidiatly!
But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.!!

EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
Thank you for thi, i have tested everything but this! :-)

coffeelover

Yeah, glad to hear this.

I think it is a not a real bug: the src rules are parsed to a linked list, so order matters.

As long as the first matching entry for the source address has no associated acl, it will fall back to default. If you change the order in your configuration, it will also work again.

So this should be an issue for documentation or a plausibility check.

mdalacu

Thanky very much coffelover for helping me with this!
I have another issue, after upgrading pfsense to 2.4.5 series, every morning when people comes to work squid crashes.
The only options i have are:
-from cli starting squid (simple squid..no other parameters) or
-delete cache from UI and then squid automaticaliy restart without a problem or
-reboot the whole system
From services UI i can not restart the squid service. It fails.
This is a tipical log file:

How can i investigate further this problem:
"Jul 29 09:02:17 kernel pid 65891 (squid), jid 0, uid 100: exited on signal 6"

Jul 29 05:04:11 	check_reload_status 		Restarting ipsec tunnels
Jul 29 05:04:11 	check_reload_status 		Restarting OpenVPN tunnels/interfaces
Jul 29 05:04:11 	check_reload_status 		Reloading filter
Jul 29 09:02:17 	kernel 		pid 65891 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:03 	kernel 		pid 67277 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:05 	kernel 		pid 39788 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:06 	kernel 		pid 43264 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:07 	kernel 		pid 46291 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:08 	kernel 		pid 49802 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:09 	kernel 		pid 52665 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:10 	Squid_Alarm 	56905 	Squid has exited. Reconfiguring filter.
Jul 29 09:05:10 	Squid_Alarm 	57086 	Attempting restart...
Jul 29 09:05:13 	Squid_Alarm 	59138 	Reconfiguring filter...
Jul 29 09:05:13 	check_reload_status 		Reloading filter
Jul 29 09:05:14 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 29 09:05:14 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 29 09:05:15 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Jul 29 09:36:16 	php-fpm 	30623 	/pkg_edit.php: Session timed out for user 'admin' from: 192.168.16.10 (Local Database)
Jul 29 09:36:18 	php-fpm 	30623 	/pkg_edit.php: Successful login for user 'admin' from: 192.168.16.10 (Local Database)
Jul 29 09:36:52 	php-fpm 	339 	/pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Jul 29 09:36:52 	php-fpm 	339 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 09:36:53 	php-fpm 	339 	/pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Jul 29 09:36:53 	php-fpm 	339 	/pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Jul 29 09:36:56 	php-fpm 	339 	/pkg_edit.php: [squid] Starting service...
Jul 29 09:36:56 	php-fpm 	339 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 09:36:57 	check_reload_status 		Syncing firewall
Jul 29 09:36:57 	php-fpm 	339 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 09:37:00 	php-fpm 	339 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 29 09:37:00 	php-fpm 	339 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 09:37:01 	check_reload_status 		Reloading filter
Jul 29 09:39:28 	sshd 	82200 	user root login class [preauth]
Jul 29 09:39:28 	sshd 	82200 	user root login class [preauth]
Jul 29 09:39:31 	sshd 	82200 	Accepted keyboard-interactive/pam for root from 192.168.16.10 port 50956 ssh2
Jul 29 09:49:43 	kernel 		pid 332 (squid), jid 0, uid 100: exited on signal 6
Jul 29 10:02:13 	kernel 		pid 32699 (squid), jid 0, uid 100: exited on signal 6 

Thank you again! i will start another thread if you think it will help someone else but me.

viktor_g

@mdalacu said in SquidGuard Group ACL not working:

@coffeelover I will test this imidiatly!
But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.!!

EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
Thank you for thi, i have tested everything but this! :-)

Seems related to https://redmine.pfsense.org/issues/4088

coffeelover

@viktor_g yeah, but i don't agree completely to the bug. It is filed very opinionated and some guesses are completely wrong.
Squidguard just resets a non-resolvable client to the default acl, which is common behaviour. If the default acl means 'allow_all', it is an configuration issue, it doesn't "renders squidguard useless".

But yes, perhaps a global setting like 'include non-linked acls in config' would be nice or at least a warning should be shown.

coffeelover

@mdalacu i would check:

• the system resources (cpu, ram, filesystem usage)
• the file permissions

Daily could mean that squid is not able to rotate the logs, because of wrong file permissions.

And if it works after you cleaned the disk cache, it could just be the filesystem filling up.

mdalacu

@coffeelover Hi. Thanks for your reply.
I have checked everthing...RAM CPU Disk Space ..nothing out of the ordinary.
The file permissions seems ok because the system rotates logs at 00:00 without problems.

Squid crashes between 9 and 9:30 AM every morning. I see nothing in crontab which runs at 9...

[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: ls -l
total 296544
-rw-r-----  1 squid  proxy  27603284 Jul 30 12:07 access.log
-rw-r-----  1 squid  proxy  95043059 Jul 30 00:00 access.log.0
-rw-r-----  1 squid  proxy  90147081 Jul 29 00:00 access.log.1
-rw-r-----  1 squid  proxy  82716598 Jul 28 00:00 access.log.2
-rw-r-----  1 squid  proxy    620734 Jul 30 11:38 cache.log
-rw-r-----  1 squid  proxy   1139736 Jul 29 17:33 cache.log.0
-rw-r-----  1 squid  proxy   1189305 Jul 28 17:27 cache.log.1
-rw-r-----  1 squid  proxy   3545291 Jul 27 22:47 cache.log.2
-rw-r-----  1 squid  proxy   1210310 Jul 30 11:47 netdb.state
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: df -h
Filesystem                                         Size    Used   Avail Capacity  Mounted on
/dev/gptid/d5335474-d186-11e9-b43e-00155d105a07     45G    2.3G     39G     5%    /
devfs                                              1.0K    1.0K      0B   100%    /dev
/dev/md0                                           3.4M    108K    3.0M     3%    /var/run
devfs                                              1.0K    1.0K      0B   100%    /var/dhcpd/dev
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: ls -ltr ../cache/
total 68
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 00
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 01
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 02
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 03
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 04
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 05
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 06
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 07
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 08
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 09
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0A
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0B
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0C
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0D
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0E
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0F
-rw-r-----    1 squid  proxy    72 Jul 30 09:43 swap.state
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: cat /etc/cro
cron.d/  crontab
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: cat /etc/crontab
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD$
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
#
#minute hour    mday    month   wday    who     command
#
#*/5    *       *       *       *       root    /usr/libexec/atrun
#
# Save some entropy so that /dev/random can re-seed on boot.
#*/11   *       *       *       *       operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
#0      *       *       *       *       root    newsyslog
#
# Perform daily/weekly/monthly maintenance.
#1      3       *       *       *       root    periodic daily
#15     4       *       *       6       root    periodic weekly
#30     5       1       *       *       root    periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time.  See adjkerntz(8) for details.
#1,31   0-5     *       *       *       root    adjkerntz -a
#
# pfSense specific crontab entries
# Created: July 28, 2020, 8:51 am
#

1,31    0-5     *       *       *       root    /usr/bin/nice -n20 adjkerntz -a
1       3       1       *       *       root    /usr/bin/nice -n20 /etc/rc.update_bogons.sh
1       1       *       *       *       root    /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60    *       *       *       *       root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30      12      *       *       *       root    /usr/bin/nice -n20 /etc/rc.update_urltables
1       0       *       *       *       root    /usr/bin/nice -n20 /etc/rc.update_pkg_metadata
0       0       *       *       *       root    /usr/bin/nice -n20 /usr/local/etc/rc.d/squidGuard_logrotate
30      1       *       *       *       root    /root/squidGuard_blacklist_update.sh
0       0       *       *       *       root    /usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf
15      0       *       *       *       root    /usr/local/pkg/swapstate_check.php
0       */12    *       *       *       root    /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today
15      0       *       *       *       root    /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday
#
# If possible do not add items to this file manually.
# If done so, this file must be terminated with a blank line (e.g. new line)
#

This is the log from today whan it crashed at 9:14.

Jul 29 14:20:26 check_reload_status Syncing firewall
Jul 29 14:20:26 check_reload_status Syncing firewall
Jul 29 14:20:31 check_reload_status Syncing firewall
Jul 29 14:20:42 php-fpm 397 /pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Adding cronjobs ...
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 14:20:45 php-fpm 397 /pkg_edit.php: [squid] Reloading for configuration sync...
Jul 29 14:20:46 php-fpm 397 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 14:20:47 check_reload_status Reloading filter
Jul 29 15:45:17 check_reload_status Syncing firewall
Jul 29 15:45:17 check_reload_status Syncing firewall
Jul 29 15:45:28 check_reload_status Syncing firewall
Jul 29 15:45:39 php-fpm 99938 /pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Adding cronjobs ...
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Reloading for configuration sync...
Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 15:45:42 check_reload_status Reloading filter
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 05:00:55 rc.gateway_alarm 7850 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:1 RTT:1.383ms RTTsd:1.839ms Loss:21%)
Jul 30 05:00:55 check_reload_status updating dyndns GW_WAN
Jul 30 05:00:55 check_reload_status Restarting ipsec tunnels
Jul 30 05:00:55 check_reload_status Restarting OpenVPN tunnels/interfaces
Jul 30 05:00:55 check_reload_status Reloading filter
Jul 30 05:02:23 check_reload_status Linkup starting hn0
Jul 30 05:02:23 kernel hn0: network changed, change 1
Jul 30 05:02:23 kernel hn0: link state changed to DOWN
Jul 30 05:02:24 php-fpm 99938 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:24 check_reload_status Reloading filter
Jul 30 05:02:27 sshd 82200 Timeout, client not responding.
Jul 30 05:02:28 check_reload_status Linkup starting hn0
Jul 30 05:02:28 kernel hn0: link state changed to UP
Jul 30 05:02:29 php-fpm 339 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:29 check_reload_status Reloading filter
Jul 30 05:02:41 check_reload_status Linkup starting hn0
Jul 30 05:02:41 kernel hn0: network changed, change 1
Jul 30 05:02:41 kernel hn0: link state changed to DOWN
Jul 30 05:02:42 php-fpm 30623 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:42 check_reload_status Reloading filter
Jul 30 05:02:46 check_reload_status Linkup starting hn0
Jul 30 05:02:46 kernel hn0: link state changed to UP
Jul 30 05:02:47 php-fpm 338 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:47 check_reload_status Reloading filter
Jul 30 05:02:53 check_reload_status Linkup starting hn0
Jul 30 05:02:53 kernel hn0: network changed, change 1
Jul 30 05:02:53 kernel hn0: link state changed to DOWN
Jul 30 05:02:54 php-fpm 22515 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:54 check_reload_status Reloading filter
Jul 30 05:02:58 check_reload_status Linkup starting hn0
Jul 30 05:02:58 kernel hn0: link state changed to UP
Jul 30 05:02:59 php-fpm 397 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:59 check_reload_status Reloading filter
Jul 30 05:04:14 rc.gateway_alarm 86494 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:0 RTT:1.445ms RTTsd:1.415ms Loss:5%)
Jul 30 05:04:14 check_reload_status updating dyndns GW_WAN
Jul 30 05:04:14 check_reload_status Restarting ipsec tunnels
Jul 30 05:04:14 check_reload_status Restarting OpenVPN tunnels/interfaces
Jul 30 05:04:14 check_reload_status Reloading filter
Jul 30 09:14:55 kernel pid 3599 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:56 kernel pid 58817 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:57 kernel pid 61209 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:58 kernel pid 64892 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:59 kernel pid 67991 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:15:00 kernel pid 71182 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:15:22 Squid_Alarm 75627 Squid has exited. Reconfiguring filter.
Jul 30 09:15:22 Squid_Alarm 75891 Attempting restart...
Jul 30 09:15:25 Squid_Alarm 77973 Reconfiguring filter...
Jul 30 09:15:25 check_reload_status Reloading filter
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Jul 30 09:19:47 php-fpm 397 /pkg_edit.php: Session timed out for user 'admin' from: 192.168.16.10 (Local Database)
Jul 30 09:19:49 php-fpm 397 /pkg_edit.php: Successful login for user 'admin' from: 192.168.16.10 (Local Database)
Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting service...
Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 30 09:20:26 check_reload_status Syncing firewall
Jul 30 09:20:26 php-fpm 22515 /pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Adding cronjobs ...
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Reloading for configuration sync...
Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 30 09:20:30 check_reload_status Reloading filter

What other logs should i check?
Thank you again! :-)

coffeelover

@mdalacu said in SquidGuard Group ACL not working:

Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)

And it works before 9? These scsi errors are from hyper-v snapshots i guess?
Perhaps try to disable these? There is no filesystem error, but i think it is worth a try.

And you should increase the debug level:

debug_options 1,5 6,5 ALL,1

Section 1 is main loop, Section 6 is disk i/o.

mdalacu

Hi coffelover!
Yes you are right, at that time windows backup start. But unfortuantly it is unrelated.
But today i have restarted and cleaned the cache at 8:30 AM from UI to see if it will crash again. At 9:02 it crashed ...:/ CPU was ok, RAM also, disk space 35 GB free...
Could be an user that try to access something that crashes the whole squid? The office hours starts at 9:00 AM here..
Is there any other log that i could look into?
Thanks.

Jul 31 08:42:06 	php-fpm 	28232 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 08:42:07 	check_reload_status 		Reloading filter
Jul 31 09:02:56 	kernel 		pid 43401 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:57 	kernel 		pid 52412 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:58 	kernel 		pid 55101 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:59 	kernel 		pid 58638 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:00 	kernel 		pid 61188 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:01 	kernel 		pid 63750 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:17 	Squid_Alarm 	68674 	Squid has exited. Reconfiguring filter.
Jul 31 09:03:17 	Squid_Alarm 	68975 	Attempting restart...
Jul 31 09:03:20 	Squid_Alarm 	71372 	Reconfiguring filter...
Jul 31 09:03:20 	check_reload_status 		Reloading filter
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Jul 31 09:13:27 	php-fpm 	338 	/pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Jul 31 09:13:27 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:13:28 	php-fpm 	338 	/pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Jul 31 09:13:28 	php-fpm 	338 	/pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Jul 31 09:13:31 	php-fpm 	338 	/pkg_edit.php: [squid] Starting service...
Jul 31 09:13:31 	radiusd 	63099 	(109) Login OK: [DSP03] (from client T2600G-52TS_01 port 0 via TLS tunnel)
Jul 31 09:13:31 	radiusd 	63099 	(110) Login OK: [DSP03] (from client T2600G-52TS_01 port 3 cli f4-4d-30-6b-80-ce)
Jul 31 09:13:32 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:13:33 	check_reload_status 		Syncing firewall
Jul 31 09:13:33 	php-fpm 	338 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:13:35 	php-fpm 	338 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 31 09:13:35 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:13:36 	check_reload_status 		Reloading filter
Jul 31 09:15:03 	check_reload_status 		Syncing firewall
Jul 31 09:15:03 	check_reload_status 		Syncing firewall
Jul 31 09:15:11 	check_reload_status 		Syncing firewall
Jul 31 09:15:22 	php-fpm 	28232 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:15:24 	php-fpm 	28232 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 31 09:15:24 	php-fpm 	28232 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:15:25 	check_reload_status 		Reloading filter
Jul 31 09:15:27 	radiusd 	63099 	(121) Login OK: [MCV18] (from client T2600G-52TS_01 port 0 via TLS tunnel)
Jul 31 09:15:27 	radiusd 	63099 	(122) Login OK: [MCV18] (from client T2600G-52TS_01 port 14 cli a4-ae-e4-7d-b5-f1)

coffeelover

The debugging logs from squid go to /var/log/squid/cache.log

mdalacu

Hi. I do not have such a file..but:
/var/squid/logs/cache.log

This is the log from the time of crash...and it continuies like this...6000 lines...
Do you see anything importand than the second log line?
Thanks
EDIT: I have problem pasting the log here...it says that contains spam. So i have uplaoded the log as an atachmentsquid.cache.log.txt

2020-07-31 08:46:56 [45559] logfile not allowed in acl other than default
2020/07/31 09:02:56 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/07/31 09:02:56 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/07/31 09:02:56 kid1| Service Name: squid
2020-07-31 09:02:56 [53246] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log
2020-07-31 09:02:56 [53246] New setting: logdir: /var/squidGuard/log
2020-07-31 09:02:56 [53246] New setting: dbhome: /var/db/squidGuard
2020-07-31 09:02:56 [53246] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2020-07-31 09:02:56 [53246] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2020-07-31 09:02:56 [53246] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
2020-07-31 09:02:56 [53246] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db

coffeelover

Your permissions for /var/log/squidGuard/squidGuard.log are not correct.

And i would check my generated whitelist file and possibly fix the whitelist entries.

mdalacu

This post is deleted!

mdalacu

@coffeelover
Hi This ar the permission for the file. Are those wrong?

[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/log/squidGuard: ls -ltr
total 1632
-rw-r--r--  1 root  squid  1624971 Aug  3 01:30 squidGuard.log
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/log/squidGuard:

The whitelists are only modified in the UI...
this is the file:

[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/acl: cat whitelist.acl
microsoft.com
download.microsoft.com
download.windowsupdate.com
update.microsoft.com
dl.delivery.mp.microsoft.com
emdl.ws.microsoft.com
update.microsoft.com.akadns.net
update.microsoft.com.nsatc.net
windowsupdate.com
windowsupdate.microsoft.com
ntservicepack.microsoft.com
wustat.windows.com
facebook.com
decl.anaf.mfinante.gov.ro
anaf.ro[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/acl:

Is there anything wrong? Thx.