Erro no Squid - the cache administrador does not allow this cache to make direct
-
Boa tarde Galera, podem me ajudar com uma coisa, ativei o squid e ele monitorou tranquilamente, mas depois de um tempo ele deu esse erro:
the cache administrador does not allow this cache to make direct connections to origin servers
all configured parent caches are currently unreachableJá procurei em todos lugares o que pode ser, não consegui achar, já até liberei umas portas no firewall para ver se seria isso, mas não consegui identificar.
Obrigado pela ajuda, estou mandando um print do erro.
Obs: o facebook ele continuou acessando normalmente.
-
Deve ter algum erro e configuração do squid.
Coloque as configurações.
-
Segue abaixo:
squid.inc
/* $Id$ */ /* squid.inc Copyright (C) 2006-2009 Scott Ullrich Copyright (C) 2006 Fernando Lemos Copyright (C) 2008 Martin Fuchs All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1\. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2\. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require_once('globals.inc'); require_once('config.inc'); require_once('util.inc'); require_once('pfsense-utils.inc'); require_once('pkg-utils.inc'); require_once('service-utils.inc'); if(!function_exists("filter_configure")) require_once("filter.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m")); else define('SQUID_LOCALBASE','/usr/local'); define('SQUID_CONFBASE',SQUID_LOCALBASE . '/etc/squid'); define('SQUID_BASE', '/var/squid/'); define('SQUID_ACLDIR', '/var/squid/acl'); define('SQUID_PASSWD', '/var/etc/squid.passwd'); $valid_acls = array(); function squid_get_real_interface_address($iface) { global $config; $iface = convert_friendly_interface_to_real_interface_name($iface); $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); return array($ip, long2ip(hexdec($netmask))); } function squid_chown_recursive($dir, $user, $group) { chown($dir, $user); chgrp($dir, $group); $handle = opendir($dir) ; while (($item = readdir($handle)) !== false) { if (($item != ".") && ($item != "..")) { $path = "$dir/$item"; // Recurse unless it's the cache dir, that is slow and rarely necessary. if (is_dir($path) && (basename($dir) != "cache")) squid_chown_recursive($path, $user, $group); elseif (is_file($path)) { chown($path, $user); chgrp($path, $group); } } } } /* setup cache */ function squid_dash_z() { global $config; $settings = $config['installedpackages']['squidcache']['config'][0]; // If the cache system is null, there is no need to initialize the (irrelevant) cache dir. if ($settings['harddisk_cache_system'] == "null") return; $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); if(!is_dir($cachedir.'/')) { log_error("Creating Squid cache dir $cachedir"); @mkdir($cachedir, 0755, true); // Double check permissions here, should be safe to recurse cache dir if it's small here. mwexec("/usr/sbin/chown -R proxy:proxy $cachedir"); } if(!is_dir($cachedir.'/00/')) { log_error("Creating squid cache subdirs in $cachedir"); mwexec(SQUID_LOCALBASE . "/sbin/squid -k shutdown"); sleep(5); mwexec(SQUID_LOCALBASE . "/sbin/squid -k kill"); // Double check permissions here, should be safe to recurse cache dir if it's small here. mwexec("/usr/sbin/chown -R proxy:proxy $cachedir"); mwexec(SQUID_LOCALBASE . "/sbin/squid -z"); } if(file_exists("/var/squid/cache/swap.state")) { chown("/var/squid/cache/swap.state", "proxy"); chgrp("/var/squid/cache/swap.state", "proxy"); exec("chmod a+rw /var/squid/cache/swap.state"); } } function squid_is_valid_acl($acl) { global $valid_acls; if(!is_array($valid_acls)) return; return in_array($acl, $valid_acls); } function squid_install_command() { global $config; global $g; /* migrate existing csv config fields */ $settingsauth = $config['installedpackages']['squidauth']['config'][0]; $settingscache = $config['installedpackages']['squidcache']['config'][0]; $settingsnac = $config['installedpackages']['squidnac']['config'][0]; [s] /* Set storage system */ if ($g['platform'] == "nanobsd") { $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null'; } /* migrate auth settings */ $settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts']))); $config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts']; } } /* migrate cache settings */ if (!empty($settingscache['donotcache'])) { if(strstr($settingscache['donotcache'], ",")) { $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache']))); $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache']; } /* migrate nac settings */ if(! empty($settingsnac['allowed_subnets'])) { if(strstr($settingsnac['allowed_subnets'], ",")) { $settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets']))); $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets']; } } if(! empty($settingsnac['banned_hosts'])) { if(strstr($settingsnac['banned_hosts'], ",")) { $settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts']))); } if(! empty($settingsnac['banned_macs'])) { if(strstr($settingsnac['banned_macs'], ",")) { $settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs']))); $config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs']; } } if(! empty($settingsnac['unrestricted_hosts'])) { if(strstr($settingsnac['unrestricted_hosts'], ",")) { $settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts']))); $config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts']; } } if(! empty($settingsnac['unrestricted_macs'])) { if(strstr($settingsnac['unrestricted_macs'], ",")) { $settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs']))); $config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs']; } } if(! empty($settingsnac['whitelist'])) { if(strstr($settingsnac['whitelist'], ",")) { $settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist']))); $config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist']; } } if(! empty($settingsnac['blacklist'])) { if(strstr($settingsnac['blacklist'], ",")) { $settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist']))); $config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist']; } } write_config(); /* create cache */ update_status("Creating squid cache pools... One moment please..."); squid_dash_z(); /* make sure pinger is executable */ if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger"); if(file_exists(SQUID_LOCALBASE . "/etc/rc.d/squid")) exec("/bin/rm " . SQUID_LOCALBASE . "/etc/rc.d/squid"); if(file_exists("/usr/local/pkg/swapstate_check.php")) exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); foreach (array( SQUID_CONFBASE, @mkdir($dir, 0755, true); squid_chown_recursive($dir, 'proxy', 'proxy'); } Message from syslogd@pfSense at Jul 21 20:31:26 ... pfSense php-fpm[93869]: /index.php: Successful login for user 'jpsinieghi' from: 12.8.0.15 /* kill any running proxy alarm scripts */ update_status("Checking for running processes... One moment please..."); log_error("Stopping any running proxy monitors"); mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); sleep(1); if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default')) copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf'); update_status("Checking cache... One moment please..."); squid_dash_z(); if (!is_service_running('squid')) { update_status("Starting... One moment please..."); log_error("Starting Squid"); mwexec_bg(SQUID_LOCALBASE . "/sbin/squid -D"); } else { update_status("Reloading Squid for configuration sync... One moment please..."); log_error("Reloading Squid for configuration sync"); mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure"); } /* restart proxy alarm scripts */ update_status("Reconfiguring filter... One moment please..."); filter_configure(); break; } return $rules; } function squid_write_rcfile() { $rc = array(); $SQUID_LOCALBASE = SQUID_LOCALBASE; $rc['file'] = 'squid.sh'; $rc['start'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then {$SQUID_LOCALBASE}/sbin/squid -D fi EOD; $rc['stop'] = <<<eod<br>{$SQUID_LOCALBASE}/sbin/squid -k shutdown # Just to be sure... sleep 5 killall -9 squid 2>/dev/null killall pinger 2>/dev/null EOD; $rc['restart'] = <<<eod<br>if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then {$SQUID_LOCALBASE}/sbin/squid -D else {$SQUID_LOCALBASE}/sbin/squid -k reconfigure fi EOD; conf_mount_rw(); write_rcfile($rc); write_rcfile(array( "file" => "sqp_monitor.sh", "start" => "/usr/local/pkg/sqpmon.sh &", "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")); conf_mount_ro(); } ?> [b]squid.conf[/b] [code]# Do not edit manually ! http_port 12.10.0.5:3128 http_port 12.8.0.5:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/pbi/squid-amd64/etc/squid/errors/English icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname localhost cache_mgr gustavo@comunidadecn.com access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none logfile_rotate 60 shutdown_lifetime 3 seconds httpd_suppress_version_string on uri_whitespace strip cache_mem 64 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs /var/squid/cache 1024 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode off cache_swap_low 90 cache_swap_high 95 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl allowed_subnets src 12.10.0.0/23 12.8.0.0/22 cache deny dynamic http_access allow manager localhost # Allow external cache managers acl ext_manager_1 src 127.0.0.1 http_access allow manager ext_manager_1 acl ext_manager_2 src 12.10.0.5 http_access allow manager ext_manager_2 acl ext_manager_3 src 12.8.0.5 http_access allow manager ext_manager_3 http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Setup allowed acls http_access allow allowed_subnets # Default block all to be sure http_access deny all [/code][/s]</eod<br></eod<br></eod<br>