Squid is killing me! Please help. Invalid URL and I have already tried Google!



  • Hello,

    If anyone could help me with this you can save a bullet from my head! haha jk. I'm trying to set up Squid proxy and I've tried Google and Bing :)) Here is my Squid config. Not sure what I'm doing wrong, but I get an invalid URL every time I turn on allow all users.

    # Do not edit manually !

    http_port 192.168.0.1:3128
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/pbi/squid-amd64/etc/squid/errors/English
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname proxy.pfsense.secure
    cache_mgr Ericr@kinetisys.com
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    logfile_rotate 7
    shutdown_lifetime 3 seconds
    uri_whitespace strip
    dns_nameservers 192.168.0.236 4.2.2.2 68.94.156.1 68.94.157.1
    cache_mem 4000 MB
    maximum_object_size_in_memory 250 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 20000 64 256
    minimum_object_size 0 KB
    maximum_object_size 307200 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95

    # No redirector configured

    # Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 80 443
    acl sslports port 443 563  443
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?
    acl allowed_subnets src 192.168.0.0/24
    cache deny dynamic
    http_access allow manager localhost

    # Allow external cache managers

    acl ext_manager_1 src 192.168.0.1
    http_access allow manager ext_manager_1

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    # Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    # Setup allowed acls

    http_access allow allowed_subnets

    # Default block all to be sure

    http_access deny all



  • Enable log and check cache.log
    You can try squid -k parse too.



  • Hello, thank you for the quick response. Not sure how to do the squid -k parse. I have pulled two hours or so from my log.

    2013/08/22 12:07:24| Starting Squid Cache version 2.7.STABLE9 for amd64-portbld-freebsd8.1…
    2013/08/22 12:07:24| Process ID 34960
    2013/08/22 12:07:24| With 11095 file descriptors available
    2013/08/22 12:07:24| Using kqueue for the IO loop
    2013/08/22 12:07:24| DNS Socket created at 0.0.0.0, port 33351, FD 11
    2013/08/22 12:07:24| Adding domain kinetisys.com from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 68.94.157.1 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 10.0.0.1 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 192.168.0.253 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/22 12:07:24| Adding nameserver 4.2.2.2 from /etc/resolv.conf
    2013/08/22 12:07:24| Referer logging is disabled.
    2013/08/22 12:07:24| logfileOpen: opening log /var/squid/logs/access.log
    2013/08/22 12:07:24| Unlinkd pipe opened on FD 17
    2013/08/22 12:07:24| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
    2013/08/22 12:07:24| Target number of buckets: 425
    2013/08/22 12:07:24| Using 8192 Store buckets
    2013/08/22 12:07:24| Max Mem  size: 8192 KB
    2013/08/22 12:07:24| Max Swap size: 102400 KB
    2013/08/22 12:07:24| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
    2013/08/22 12:07:24| logfileOpen: opening log /var/squid/logs/store.log
    2013/08/22 12:07:24| Rebuilding storage in /var/squid/cache (DIRTY)
    2013/08/22 12:07:24| Using Least Load store dir selection
    2013/08/22 12:07:24| Set Current Directory to /var/squid/cache
    2013/08/22 12:07:24| Loaded Icons.
    2013/08/22 12:07:24| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 18.
    2013/08/22 12:07:24| Accepting ICP messages at 0.0.0.0, port 3130, FD 19.
    2013/08/22 12:07:24| Accepting HTCP messages on port 4827, FD 22.
    2013/08/22 12:07:24| Accepting SNMP messages on port 3401, FD 23.
    2013/08/22 12:07:24| WCCP Disabled.
    2013/08/22 12:07:24| Ready to serve requests.
    2013/08/22 12:07:25| Done scanning /var/squid/cache (0 entries)
    2013/08/22 12:07:25| Finished rebuilding storage from disk.
    2013/08/22 12:07:25|        0 Entries scanned
    2013/08/22 12:07:25|        0 Invalid entries.
    2013/08/22 12:07:25|        0 With invalid flags.
    2013/08/22 12:07:25|        0 Objects loaded.
    2013/08/22 12:07:25|        0 Objects expired.
    2013/08/22 12:07:25|        0 Objects cancelled.
    2013/08/22 12:07:25|        0 Duplicate URLs purged.
    2013/08/22 12:07:25|        0 Swapfile clashes avoided.
    2013/08/22 12:07:25|  Took 0.5 seconds (  0.0 objects/sec).
    2013/08/22 12:07:25| Beginning Validation Procedure
    2013/08/22 12:07:25|  Completed Validation Procedure
    2013/08/22 12:07:25|  Validated 0 Entries
    2013/08/22 12:07:25|  store_swap_size = 0k
    2013/08/22 12:07:25| storeLateRelease: released 0 objects
    2013/08/28 18:46:12| WARNING: Unused ICP version 33 received from 61.147.76.67:24232
    2013/08/28 19:11:22| WARNING: Unused ICP version 98 received from 213.231.100.60:56435
    2013/08/28 19:17:19| WARNING: Unused ICP version 17 received from 122.226.212.234:17657
    2013/08/28 19:32:34| WARNING: Unused ICP version 17 received from 122.226.212.234:17657
    2013/08/29 10:02:57| Preparing for shutdown after 3 requests
    2013/08/29 10:02:57| Waiting 30 seconds for active connections to finish
    2013/08/29 10:02:57| FD 18 Closing HTTP connection
    2013/08/29 10:12:27| Starting Squid Cache version 2.7.STABLE9 for amd64-portbld-freebsd8.1...
    2013/08/29 10:12:27| Process ID 54861
    2013/08/29 10:12:27| With 11095 file descriptors available
    2013/08/29 10:12:27| Using kqueue for the IO loop
    2013/08/29 10:12:27| DNS Socket created at 0.0.0.0, port 23008, FD 11
    2013/08/29 10:12:27| Adding domain kinetisys.com from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.157.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 10.0.0.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 192.168.0.253 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 4.2.2.2 from /etc/resolv.conf
    2013/08/29 10:12:27| Referer logging is disabled.
    2013/08/29 10:12:27| logfileOpen: opening log /dev/null
    2013/08/29 10:12:27| Unlinkd pipe opened on FD 16
    2013/08/29 10:12:27| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
    2013/08/29 10:12:27| Target number of buckets: 425
    2013/08/29 10:12:27| Using 8192 Store buckets
    2013/08/29 10:12:27| Max Mem  size: 8192 KB
    2013/08/29 10:12:27| Max Swap size: 102400 KB
    2013/08/29 10:12:27| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
    2013/08/29 10:12:27| Store logging disabled
    2013/08/29 10:12:27| Rebuilding storage in /var/squid/cache (DIRTY)
    2013/08/29 10:12:27| Using Least Load store dir selection
    2013/08/29 10:12:27| Current Directory is /usr/local/www
    2013/08/29 10:12:27| Loaded Icons.
    2013/08/29 10:12:27| Accepting proxy HTTP connections at 192.168.0.1, port 3128, FD 15.
    2013/08/29 10:12:27| Accepting HTCP messages on port 4827, FD 17.
    2013/08/29 10:12:27| Accepting SNMP messages on port 3401, FD 18.
    2013/08/29 10:12:27| WCCP Disabled.
    2013/08/29 10:12:27| Ready to serve requests.
    2013/08/29 10:12:27| Reconfiguring Squid Cache (version 2.7.STABLE9)...
    2013/08/29 10:12:27| FD 15 Closing HTTP connection
    2013/08/29 10:12:27| FD 17 Closing HTCP socket
    2013/08/29 10:12:27| FD 18 Closing SNMP socket
    2013/08/29 10:12:27| logfileClose: closing log /dev/null
    2013/08/29 10:12:27| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2013/08/29 10:12:27| Cache dir '/var/squid/cache' size remains unchanged at 102400 KB
    2013/08/29 10:12:27| Initialising SSL.
    2013/08/29 10:12:27| logfileOpen: opening log /dev/null
    2013/08/29 10:12:27| Store logging disabled
    2013/08/29 10:12:27| Referer logging is disabled.
    2013/08/29 10:12:27| DNS Socket created at 0.0.0.0, port 18532, FD 12
    2013/08/29 10:12:27| Adding domain kinetisys.com from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.157.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 10.0.0.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 192.168.0.253 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 68.94.156.1 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 8.8.8.8 from /etc/resolv.conf
    2013/08/29 10:12:27| Adding nameserver 4.2.2.2 from /etc/resolv.conf



  • @Stryderking:

    Hello, thank you for the quick response. Not sure how to do the squid -k parse. I have pulled two hours or so from my log.

    Go to the pfSense console/SSH and type

    squid -k parse



  • OK, I typed that into the shell. Nothing happened that I noticed. I have rebooted pfSense and still have the same issues. URLs work fine until I check Allow users on interface. Then it will just say connecting. I can still ping Google.com or bing.com, and games and streams such as Pandora will still work, but trying to load something new will just sit and spin.



  • Under realtime I pulled this

    Date IP Status Address User Destination
    20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
    20.10.2013 15:29:54 121.56.114.123 TCP_DENIED/403 http://www.163.com/ - -
    20.10.2013 02:39:25 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
    19.10.2013 16:01:35 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
    19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -

    Not sure if this helps or not.



  • @Stryderking:

    Under realtime I pulled this

    Date IP Status Address User Destination
    20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
    19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -

    Smtp access on squid? This is really weird. ???
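
As an added example (not part of the thread, and not pfSense or Squid code), the Python below checks the realtime rows posted above against two ACLs from the posted squid.conf: `allowed_subnets` and `safeports`. It assumes the "IP" column is the client address; `dest_port` and `review` are names made up for this sketch.

```python
import ipaddress
from urllib.parse import urlsplit

# Values copied from the squid.conf posted at the top of the thread.
ALLOWED_SUBNET = ipaddress.ip_network("192.168.0.0/24")   # acl allowed_subnets
SAFE_PORTS = {21, 70, 80, 210, 280, 443, 488, 563, 591, 631, 777, 901, 3128}
SAFE_RANGE = range(1025, 65536)                           # 1025-65535 in acl safeports

# Rows copied from the realtime view posted above (header line dropped).
ROWS = """\
20.10.2013 18:43:39 199.87.232.177 TCP_DENIED/403 203.188.201.203:25 - -
20.10.2013 15:29:54 121.56.114.123 TCP_DENIED/403 http://www.163.com/ - -
20.10.2013 02:39:25 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
19.10.2013 16:01:35 121.56.113.165 TCP_DENIED/403 http://www.163.com/ - -
19.10.2013 01:09:01 1.34.22.39 TCP_DENIED/403 smtp.mail.yahoo.com:25 - -
"""

def dest_port(address):
    """Port of a logged address: 'host:port' (CONNECT) or an absolute URL."""
    if "://" in address:
        parts = urlsplit(address)
        return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme)
    return int(address.rsplit(":", 1)[1])

def review(rows=ROWS):
    """Return (client, address, status, reasons) for rows that fail either ACL."""
    findings = []
    for line in rows.splitlines():
        _date, _time, client, status, address = line.split()[:5]
        port = dest_port(address)
        reasons = []
        if ipaddress.ip_address(client) not in ALLOWED_SUBNET:
            reasons.append("client outside allowed_subnets")
        if port not in SAFE_PORTS and port not in SAFE_RANGE:
            reasons.append(f"port {port} not in safeports")
        if reasons:
            findings.append((client, address, status, reasons))
    return findings

if __name__ == "__main__":
    for client, address, status, reasons in review():
        print(f"{client:15} {status:15} {address:28} {'; '.join(reasons)}")
```

All five rows come from clients outside 192.168.0.0/24, and the two port 25 requests also fail `safeports`, which matches the TCP_DENIED/403 status Squid logged for them.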



  • Yeah, I'm not sure what to do from here. My next step will be to reinstall pfSense and start from scratch.

