Erro no Squid - the cache administrador does not allow this cache to make direct



  • Boa tarde Galera, podem me ajudar com uma coisa, ativei o squid e ele monitorou tranquilamente, mas depois de um tempo ele deu esse erro:

    the cache administrador does not allow this cache to make direct connections to origin servers
    all configured parent caches are currently unreachable

    Já procurei em todos lugares o que pode ser, não consegui achar, já até liberei umas portas no firewall para ver se seria isso, mas não consegui identificar.

    Obrigado pela ajuda, estou mandando um print do erro.

    Obs: o facebook ele continuou acessando normalmente.

    ![Foto 17-07-15 18 03 10.jpg](/public/imported_attachments/1/Foto 17-07-15 18 03 10.jpg)
    ![Foto 17-07-15 18 03 10.jpg_thumb](/public/imported_attachments/1/Foto 17-07-15 18 03 10.jpg_thumb)



  • Deve ter algum erro e configuração do squid.
    Coloque as configurações.



  • Segue abaixo:

    squid.inc

    /* $Id$ */
    /*
            squid.inc
            Copyright (C) 2006-2009 Scott Ullrich
            Copyright (C) 2006 Fernando Lemos
            Copyright (C) 2008 Martin Fuchs
            All rights reserved.
    
            Redistribution and use in source and binary forms, with or without
            modification, are permitted provided that the following conditions are met:
    
            1\. Redistributions of source code must retain the above copyright notice,
               this list of conditions and the following disclaimer.
    
            2\. Redistributions in binary form must reproduce the above copyright
               notice, this list of conditions and the following disclaimer in the
               documentation and/or other materials provided with the distribution.
    
            THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
            OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
            SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
            INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
            ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
            POSSIBILITY OF SUCH DAMAGE.
    */
    
    require_once('globals.inc');
    require_once('config.inc');
    require_once('util.inc');
    require_once('pfsense-utils.inc');
    require_once('pkg-utils.inc');
    require_once('service-utils.inc');
    
    if(!function_exists("filter_configure"))
            require_once("filter.inc");
    
    $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
    if ($pf_version > 2.0)
            define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
    else
      define('SQUID_LOCALBASE','/usr/local');
    
    define('SQUID_CONFBASE',SQUID_LOCALBASE . '/etc/squid');
    define('SQUID_BASE', '/var/squid/');
    define('SQUID_ACLDIR', '/var/squid/acl');
    define('SQUID_PASSWD', '/var/etc/squid.passwd');
    
    $valid_acls = array();
    
    function squid_get_real_interface_address($iface) {
            global $config;
    
            $iface = convert_friendly_interface_to_real_interface_name($iface);
            $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
            list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
    
            return array($ip, long2ip(hexdec($netmask)));
    }
    
    function squid_chown_recursive($dir, $user, $group) {
            chown($dir, $user);
            chgrp($dir, $group);
            $handle = opendir($dir) ;
            while (($item = readdir($handle)) !== false) {
                    if (($item != ".") && ($item != "..")) {
                            $path = "$dir/$item";
                            // Recurse unless it's the cache dir, that is slow and rarely necessary.
                            if (is_dir($path) && (basename($dir) != "cache"))
                                    squid_chown_recursive($path, $user, $group);
                            elseif (is_file($path)) {
                                    chown($path, $user);
                                    chgrp($path, $group);
                            }
                    }
            }
    }
    
    /* setup cache */
    function squid_dash_z() {
            global $config;
            $settings = $config['installedpackages']['squidcache']['config'][0];
    
            // If the cache system is null, there is no need to initialize the (irrelevant) cache dir.
            if ($settings['harddisk_cache_system'] == "null")
                    return;
    
            $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
    
            if(!is_dir($cachedir.'/')) {
                    log_error("Creating Squid cache dir $cachedir");
                    @mkdir($cachedir, 0755, true);
                    // Double check permissions here, should be safe to recurse cache dir if it's small here.
                    mwexec("/usr/sbin/chown -R proxy:proxy $cachedir");
            }
    
            if(!is_dir($cachedir.'/00/')) {
                    log_error("Creating squid cache subdirs in $cachedir");
                    mwexec(SQUID_LOCALBASE . "/sbin/squid -k shutdown");
                    sleep(5);
                    mwexec(SQUID_LOCALBASE . "/sbin/squid -k kill");
                    // Double check permissions here, should be safe to recurse cache dir if it's small here.
                    mwexec("/usr/sbin/chown -R proxy:proxy $cachedir");
                    mwexec(SQUID_LOCALBASE . "/sbin/squid -z");
            }
    
            if(file_exists("/var/squid/cache/swap.state")) {
                    chown("/var/squid/cache/swap.state", "proxy");
                    chgrp("/var/squid/cache/swap.state", "proxy");
                    exec("chmod a+rw /var/squid/cache/swap.state");
            }
    
    }
    
    function squid_is_valid_acl($acl) {
            global $valid_acls;
            if(!is_array($valid_acls))
                    return;
            return in_array($acl, $valid_acls);
    }
    
    function squid_install_command() {
            global $config;
            global $g;
            /* migrate existing csv config fields */
            $settingsauth = $config['installedpackages']['squidauth']['config'][0];
            $settingscache = $config['installedpackages']['squidcache']['config'][0];
            $settingsnac = $config['installedpackages']['squidnac']['config'][0];
    
    [s]        /* Set storage system */
            if ($g['platform'] == "nanobsd") {
                    $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null';
            }
    
            /* migrate auth settings */
                            $settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts'])));
                            $config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts'];
                    }
            }
    
            /* migrate cache settings */
            if (!empty($settingscache['donotcache'])) {
                    if(strstr($settingscache['donotcache'], ",")) {
                            $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache'])));
                            $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache'];
                    }
            /* migrate nac settings */
            if(! empty($settingsnac['allowed_subnets'])) {
                    if(strstr($settingsnac['allowed_subnets'], ",")) {
                            $settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets'])));
                            $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets'];
                    }
            }
    
            if(! empty($settingsnac['banned_hosts'])) {
                    if(strstr($settingsnac['banned_hosts'], ",")) {
                            $settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts'])));
            }
    
            if(! empty($settingsnac['banned_macs'])) {
                    if(strstr($settingsnac['banned_macs'], ",")) {
                            $settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs'])));
                            $config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs'];
                    }
            }
    
            if(! empty($settingsnac['unrestricted_hosts'])) {
                    if(strstr($settingsnac['unrestricted_hosts'], ",")) {
                            $settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts'])));
                            $config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts'];
                    }
            }
    
            if(! empty($settingsnac['unrestricted_macs'])) {
                    if(strstr($settingsnac['unrestricted_macs'], ",")) {
                            $settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs'])));
                            $config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs'];
                    }
            }
    
            if(! empty($settingsnac['whitelist'])) {
                    if(strstr($settingsnac['whitelist'], ",")) {
                            $settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist'])));
                            $config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist'];
                    }
            }
    
            if(! empty($settingsnac['blacklist'])) {
                    if(strstr($settingsnac['blacklist'], ",")) {
                            $settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist'])));
                            $config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist'];
                    }
            }
    
            write_config();
    
            /* create cache */
            update_status("Creating squid cache pools... One moment please...");
            squid_dash_z();
            /* make sure pinger is executable */
            if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger"))
                    exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
            if(file_exists(SQUID_LOCALBASE . "/etc/rc.d/squid"))
                    exec("/bin/rm " . SQUID_LOCALBASE . "/etc/rc.d/squid");
            if(file_exists("/usr/local/pkg/swapstate_check.php"))
                    exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php");
    
            foreach (array( SQUID_CONFBASE,
                    @mkdir($dir, 0755, true);
                    squid_chown_recursive($dir, 'proxy', 'proxy');
            }
    Message from syslogd@pfSense at Jul 21 20:31:26 ...
    pfSense php-fpm[93869]: /index.php: Successful login for user 'jpsinieghi' from: 12.8.0.15
    
            /* kill any running proxy alarm scripts */
            update_status("Checking for running processes... One moment please...");
            log_error("Stopping any running proxy monitors");
            mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
            sleep(1);
    
            if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default'))
                    copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf');
    
            update_status("Checking cache... One moment please...");
            squid_dash_z();
    
            if (!is_service_running('squid')) {
                    update_status("Starting... One moment please...");
                    log_error("Starting Squid");
                    mwexec_bg(SQUID_LOCALBASE . "/sbin/squid -D");
            } else {
                    update_status("Reloading Squid for configuration sync... One moment please...");
                    log_error("Reloading Squid for configuration sync");
                    mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");
            }
    
            /* restart proxy alarm scripts */
    
            update_status("Reconfiguring filter... One moment please...");
            filter_configure();
                            break;
            }
    
            return $rules;
    }
    
    function squid_write_rcfile() {
            $rc = array();
            $SQUID_LOCALBASE = SQUID_LOCALBASE;
            $rc['file'] = 'squid.sh';
            $rc['start'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
            {$SQUID_LOCALBASE}/sbin/squid -D
    fi
    
    EOD;
            $rc['stop'] = <<<eod<br>{$SQUID_LOCALBASE}/sbin/squid -k shutdown
    # Just to be sure...
    sleep 5
    killall -9 squid 2>/dev/null
    killall pinger 2>/dev/null
    
    EOD;
            $rc['restart'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then
                    {$SQUID_LOCALBASE}/sbin/squid -D
            else
                    {$SQUID_LOCALBASE}/sbin/squid -k reconfigure
            fi
    
    EOD;
            conf_mount_rw();
            write_rcfile($rc);
            write_rcfile(array(
                    "file" => "sqp_monitor.sh",
                    "start" => "/usr/local/pkg/sqpmon.sh &",
                    "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill"));
            conf_mount_ro();
    }
    ?>
    
    [b]squid.conf[/b]
    [code]# Do not edit manually !
    http_port 12.10.0.5:3128
    http_port 12.8.0.5:3128
    http_port 127.0.0.1:3128 transparent
    icp_port 0
    
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/pbi/squid-amd64/etc/squid/errors/English
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname localhost
    cache_mgr gustavo@comunidadecn.com
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    logfile_rotate 60
    shutdown_lifetime 3 seconds
    httpd_suppress_version_string on
    uri_whitespace strip
    
    cache_mem 64 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 1024 16 256
    minimum_object_size 0 KB
    maximum_object_size 4 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    
    # No redirector configured
    
    # Setup some default acls
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    acl allowed_subnets src 12.10.0.0/23 12.8.0.0/22
    cache deny dynamic
    http_access allow manager localhost
    
    # Allow external cache managers
    acl ext_manager_1 src 127.0.0.1
    http_access allow manager ext_manager_1
    acl ext_manager_2 src 12.10.0.5
    http_access allow manager ext_manager_2
    acl ext_manager_3 src 12.8.0.5
    http_access allow manager ext_manager_3
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all
    
    # Setup allowed acls
    http_access allow allowed_subnets
    # Default block all to be sure
    http_access deny all
    [/code][/s]</eod<br></eod<br></eod<br>
    

Log in to reply