Re: Strange acl prob / possibly a bug

From: Duane Wessels <wessels@dont-contact.us>
Date: Sat, 4 Mar 2000 19:03:33 -0700

On Sat, 4 Mar 2000, Matthias Barnutz wrote:

> No idea about this? The problem is still present, and my users are still
> complaining.

I think http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.14
addresses your situation.

Duane W.

>
> ----- Original Message -----
> From: "Matthias Barnutz" <barney@nef.wh.uni-dortmund.de>
> To: <squid-users@ircache.net>
> Sent: Friday, February 25, 2000 12:11 AM
> Subject: Strange acl prob / possibly a bug
>
>
> > Hi!
> >
> > I have a very strange problem with Access Lists and http_access. In my
> > opinion, it seems to be a bug.
> >
> > After squid running a few hours or a few days, suddenly it answers
> requests
> > from some clients with TCP_DENIED. After doing a "squid -k reconfigure"
> > everything works fine again. Until the next time.
> >
> > System:
> > Linux 2.2.12 i586
> > Squid Object Cache: Version 2.3.STABLE1
> >
> > The squid config file contains only three http_access entries:
> >
> > http_access allow paid
> > http_access allow figge unido
> > http_access deny all
> >
> > Here are the corresponding acl lines:
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl figge src 129.217.240.0/255.255.254.0 129.217.255.128/255.255.255.192
> > 129.217.255.248/255.255.255.248
> > acl unido dstdomain .uni-dortmund.de
> > acl paid src "/etc/squid.clients"
> >
> > In words: Requests from IPs, which are written into the file
> > /etc/squid.clients, should be allowed everytime and to every destination.
> > All hosts from the mentioned subnets may access all destinations in the
> > mentioned dstdomain. And all other accesses should be denied.
> >
> > The file /etc/squid.clients looks like this (sample):
> >
> > 129.217.240.38
> > 129.217.240.82
> > 129.217.240.140
> > 129.217.240.87
> > 129.217.240.112
> >
> > Just the IP-addresses, unsorted. In total, about 400 entries.
> >
> > What happens is, that suddenly all requests from some hosts, with source
> IP
> > addresses listet in the file, are denied (TCP_DENIED). After doing a
> > reconfigure, requests from the same hosts are allowed again. But
> > /etc/squid.clients hasn't changed meanwhile. If /etc/squid.clients is
> > changed, a reconfigure is done automatically. In the cache.log file there
> > aren't any uncommon events. The hosts, from which requests are denied, are
> > not always the same.
> >
> > Anyone has any idea what could be this? Has anyone had the same problem?
> >
> > I'm sorry that I actually can not provide more information, like log file
> > fragments. Squid is running on a production system, and I have not the
> > resources to turn on full debugging. There are many requests, and the
> > logfile grows very fast if debugging is turned on (even if only acl
> > debugging is turned on). And, actually I do a "squid -k reconfigure" every
> > hour by a cronjob, so the problem at the moment is not present, and
> there's
> > nothing to log. But this is not a solution. Or is there something wrong
> with
> > the acl configuration?
> >
> > Maybe someone could "simulate" this scenario in his "lab" and track down
> the
> > problem ...
> >
> > Thanks for your help.
> >
> > Kind regards,
> >
> > Matthias
> >
> > --
> > Matthias Barnutz, University of Dortmund, Germany
> > http://www.nef.wh.uni-dortmund.de/~barney
> > ICQ: 12031262
> >
> >
>
Received on Sat Mar 04 2000 - 19:06:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:55 MST