Squid / SquidGuard suddenly failing (October 3rd 2014) on multiple sites



  • I run 2.1.5-RELEASE  (i386) with Squid 2.7.9 pkg v.4.3.4 and SquidGuard devel 1.5_1.1 beta qith the Shallalist blacklist. Ran smooth until yesterday, when suddenly most HTTP traffic got "stuck", with web content only sporadically getting through, Pings and RDP had no isses. I noticed that the SquidGuard service had stopped. Restarting wouldn't help. No config changes in the near past, so this happened quite surprising.

    I connecected via RDP to a Windows server on another site. Same issue with HTTP traffic there. However, here the SquidGuard Service ran. Different ISP, different modem, but same router hardware and same pfSense version.

    I switched off transparent mode in Squid on both sites. AFter that, all went back to normal on both sites (except that now advertising isn't blocked any more…).

    Any idea why Squid would suddenly fail on two totdally different sites on the same date?



  • in my humble opinion anything could stop SQUID , its very week  due to no constrains in add or remove ACL's , IP's , etc ..
    there is no "on the spot" warning if you add wrong ACL name or structure "it just save the configuration"

    to find the problem out  from console > squid -z  or squid -k shutdown and wait for almost 10 seconds and read the output
    or from system logs search to squid errors
    and i use cron to restart this service every morning
    and watchdog to start the service if it stop working suddenly during work time

    "i have one situation that the error shown in the log the next day "

    some tweaks on squid3-dev "with absolutely donation to the developer "  could make huge different

    I as my self try to donate to the developer but my country is blocked



  • Any issue with logs and filesystem size limits?



  • @KOM:

    Any issue with logs and filesystem size limits?

    I suppose no. The dashboard mentions "Disk Usage 11% of 104G". Log rotation is set to three days. Hm, funny, I thought I had logging disabled, but it's active. I guess that I had re-enabled it after I swapped the 4G SSD against a 104G SSD. Yes, I have had log files eating up disk space with the old 4G SSD ;-)



  • Anything Squid-related in your System log?  Anything of interest in /var/squid/cache.log?



  • According to the logs, everything must be fine. The squidGuard has at some time started working again on its own.

    With squidGuard active, most webpages either load slow, partially or not at all. It does not looks it is blocking, but rather being extremely sluggish. CPU utilization is normal. I tried different things. The one thing which changed something was to disable the blacklist in squidGuard (first configuration tab on the squidGuard WebGUI config page, near the bottom, unchecked the "Check this option to enable blacklist" checkbox). Web pages were retrieved flawlessly again.

    So…currently, my best guess is that there is something wrong with the Shallalist and/or how squiudGuard handles it. Remember, the same issue appeared at two different sites at about the same date, so I suspect that a sudden hardware (SSD) failure or provider issues out of the question, it must be something in the software/data domain.

    I tried re-downloading the blacklist via the WebGUI, but to no avail, the issues persisted.

    Next I tried (via SSH):

    cd /var/db/squidGuard
    rm -R blk*
    

    After that, I re-downloaded the blacklist via the WebGUI.

    Very much to my surprise, everything worked again.



  • Very strange.  I was about to suggest a large, full cache being the root cause but it doesn't appear to have anything to do with that.



  • please post your feed back after one week
    i face the same problem  but i go a different way

    https://forum.pfsense.org/index.php?topic=82677.0

    i create this cron as temporary solution

    *    *    *    *    *    root    /usr/pbi/squid-amd64/sbin/squid -k reconfigure

    it work fine tell now ,I have some doubts about it "but employee shouting about the suddenly internet fade out"

    any help please



  • How much ram is in this machine?  And how big is the cache size?  And what percent full is the cache?



  • In my case, the machine has 2GB RAM, 104GB SSD. RRD graphs show that during the last 30 days, Minimum free Memory was 40% (that also accounts for the OS Cache, which is not included in the regular memory usage, as it will be drropped immediarely if an application demand more Memory). Real memory usage was typically at 10%, with Peaks going up to 20%. Disk usage: 11%. Most of this are probably pfSense backups. Yes, I maninly use squid/squidGuard for filtering, only a very specific set of files gets ever cached.

    On a third pfSense box, I has no SSH access, so I used a one-liner in the Daignostics : Command Prompt WebGUI:

    rm -R /var/db/squidGuard/blk*
    

    After that, re-download of the blacklist. However, on the third box, squid does not run in transparent mode, and I am not aware if any users dook the option of manually configuring the proxy. As I received no complaints, most probably none.