Hi,
I recently configured Squid to ssl-bump connections and dynamically
generate certificates. I am running Squid 3.3.3 on Ubuntu 13.10.
Here is my config file (sorry, long I know):
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly
plugged) machines
#Use IPv4 (No IPv6 connectivity, yet)
dns_v4_first on
#HTTP header X-Forwarded-For
forwarded_for transparent #Don't change header sent by client
#VIA (sends proxy header)
via off
#Define error directory
error_directory /var/www/error
#Log query string in access.log
strip_query_terms off
#Define log file locations
access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
#Virus scanner
icap_enable on
icap_send_client_ip on
icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
always_direct allow all
ssl_bump server-first
#Devices configured to use the proxy. No interception for HTTPS
http_port 3128
https_port 3128 cert=/usr/ssl/myCA.pem
#Devices configured to use the proxy. Interception for HTTPS
http_port 3129 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/ssl/myCA.pem
#Devices unconfigured to use the proxy. Sent by the router.
http_port 3127 intercept ssl-bump cert=/usr/ssl/myCA.pem
https_port 3126 intercept ssl-bump cert=/usr/ssl/myCA.pem
acl SSL_ports port 443 # Normal SSL port for HTTPS
acl SSL_ports port 8443 # Plesk SSL
acl SSL_ports port 2083 # cPanel SSL
acl Safe_ports port 80 # http
acl Safe_ports port 83 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # CUPS
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl PURGE method PURGE
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
############################################################
#deny_info /dis_intoff.html all
#deny_info /dis_cyberattack.html all
#deny_info /dis_virus.html all
#deny_info /dis_update.html all
#deny_info /dis_intdown.html all
#http_access deny all
#############################################################
acl proxy_ip dst 192.168.0.10
##############################################################
acl wldomains dstdomain "/etc/squid/whitelist.domains.acl"
acl gldomains dstdomain "/etc/squid/greylist.domains.acl"
###############################################################
acl google_ca_url url_regex google.ca/url
acl google_com_url url_regex google.com/url
deny_info /blocked-youtube.html youtube_dom
acl youtube_dom dstdom_regex .youtube. .googlevideo.
deny_info /blocked-ytvid.html youtube_bvidkey
acl youtube_bvidkey url_regex "/etc/squid/blocked.ytvidkey.acl"
deny_info /blocked-ytch.html youtube_bchvidkey
acl youtube_bchvidkey url_regex "/var/www/cron/proxy/blocked_ytautoch.acl"
deny_info 302:http://192.168.0.10:3180/error/blocked.jpg ytimg
acl ytimg dstdomain .ytimg.com
acl youtube url_regex youtube.com/watch
########################################################
acl netflix_bkeys url_regex "/etc/squid/blocked.netflix.acl"
########################################################
#CTV NEWS Video
acl ctvnews_keyw url_regex ctvnews
acl ctvnews_scorecardresearch dstdomain .scorecardresearch.com
########################################################
deny_info /blocked-domain.html bdomains
acl bdomains dstdomain "/etc/squid/blocked.domains.acl"
deny_info /blocked-keyw.html bdkeyw
acl bdkeyw dstdom_regex -i "/etc/squid/blocked.domainkeyw.acl"
deny_info /blocked-keyw.html bkeyw
acl bkeyw url_regex -i "/etc/squid/blocked.keywords.acl"
########################################################
deny_info /blocked-domain-ssl.html ssl_bdomains
acl ssl_bdomains dstdomain "/etc/squid/blocked.domains.ssl.acl"
deny_info /blocked-keyw-ssl.html ssl_bkeyw
acl ssl_bkeyw url_regex -i "/etc/squid/blocked.keywords.ssl.acl"
#allow https google.ca google.com (will be redirected later in /etc/hosts)
acl ssl_googlewww_ca_com dstdomain www.google.com www.google.ca
deny_info /blocked-domain-ssl.html ssl_googlewww_o
acl ssl_googlewww_o dstdom_regex www.google.
##########################################################
#acl dl_ dstdomain "/etc/squid/domainlists//domains"
#http_access deny dl_
####################################################
deny_info /inapp.html dl_abortion dl_artnudes dl_lingerie dl_porn dl_sexuality
###
acl dl_abortion dstdomain "/etc/squid/domainlists/abortion/domains"
acl dl_artnudes dstdomain "/etc/squid/domainlists/artnudes/domains"
acl dl_lingerie dstdomain "/etc/squid/domainlists/lingerie/domains"
acl dl_porn dstdomain "/etc/squid/domainlists/porn/domains"
acl dl_sexuality dstdomain "/etc/squid/domainlists/sexuality/domains"
###################
deny_info /v-m-s-p.html dl_malware dl_phishing dl_spyware
###
acl dl_malware dstdomain "/etc/squid/domainlists/malware/domains"
acl dl_phishing dstdomain "/etc/squid/domainlists/phishing/domains"
acl dl_spyware dstdomain "/etc/squid/domainlists/spyware/domains"
####################
deny_info /ads.html dl_ads dl_ads_exp
###
acl dl_ads dstdomain "/etc/squid/domainlists/ads/domains"
acl dl_ads_exp url_regex "/etc/squid/domainlists/ads/expressions"
####################
deny_info /proxy.html dl_proxies dl_vpn proxy_keyw_domain vpn_keyw_domain
###
acl proxy_keyw_domain dstdom_regex prox
acl vpn_keyw_domain dstdom_regex vpn
acl dl_proxies dstdomain "/etc/squid/domainlists/proxy/domains"
acl dl_vpn dst "/etc/squid/blocked.vpn.acl"
#####################################################################
deny_info /ext.html block_ext
acl block_ext url_regex -i "/etc/squid/blocked.ext.acl"
#####################################################################
deny_info /guestnet.html guestnet
deny_info /guest_ports.html guest_ports
deny_info /guest_i443.html guest_i443
acl guest_ports port 80
acl guest_ports port 443
acl guest_i443 localport 443
#####################################################################
acl nocache_dstdom dstdomain .apple.com
acl nocache_ext url_regex -i \.ipa$
#####################################################################
deny_info 302:http://www.google.com/ google_redirect
acl google_redirect dstdomain gogle.ca gogle.com goole.ca goole.com
gogoel.ca gogoel.com gogole.ca gogole.com googel.ca googel.com
#####################################################################
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#########
#IP ACLS#
#########
acl localnet src 192.168.0.0/24
acl to_localnet dst 192.168.0.0/24
acl guestnet src 192.168.0.3
acl fakenet src 169.254.0.0/16
acl router src 192.168.0.1 192.168.0.2
acl imac src 192.168.0.11
acl imac_w src 192.168.0.12
acl eh src 192.168.0.13
acl eh_w src 192.168.0.14
acl macmini src 192.168.0.15
acl macmini_w src 192.168.0.16
acl localnetip src 192.168.0.10
acl localip src 127.0.0.1
acl local src localhost
acl ethan_ipod src 192.168.0.43
acl ethan_android src 192.168.0.47
acl matthew_ipod src 192.168.0.45
acl lauren_ipod src 192.168.0.46
acl dad_iphone4 src 192.168.0.42
acl mom_iphone src 192.168.0.44
acl dad_iphone3 src 192.168.0.41
acl ipad src 192.168.0.40
acl cctv src 192.168.0.30
acl vera src 192.168.0.31
acl apple_tv src 192.168.0.32
acl samsung_bluray1 src 192.168.0.33
acl samsung_bluray2 src 192.168.0.34
acl wii src 192.168.0.39
###
deny_info /homenet_dhcp.html homenet_dhcp
acl homenet_dhcp src 192.168.0.200-192.168.0.249
#ACL must be at bottom of acls - Webmin puts restrictions in order
they appear in file, must be last for deny_info
deny_info /invisible.html all_invisible
acl all_invisible dst all
deny_info /autoblock.html inapp_autoblock
acl inapp_autoblock dst all
###########
#REDIRECTS#
###########
http_access deny google_redirect
##################
#DENY/ALLOW RULES#
##################
cache deny CONNECT
cache deny guestnet
cache deny nocache_dstdom
cache deny nocache_ext
http_access allow PURGE localip
http_access deny guestnet guest_i443
http_access deny to_localnet guestnet
http_access deny guestnet !guest_ports
http_access deny homenet_dhcp
http_access deny fakenet all_invisible
http_access deny fakenet inapp_autoblock
http_access deny fakenet
http_access deny fakenet
http_access deny block_ext
http_access allow proxy_ip
http_access allow wldomains
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow google_ca_url
http_access allow google_com_url
http_access deny netflix_bkeys
#Don't just block on Youtube domains - also block youtube downloaders
that use the video id
#http_access deny youtube_dom youtube_bvidkey
#http_access deny youtube_dom youtube_bchvidkey
http_access deny youtube_bvidkey ytimg
http_access deny youtube_bchvidkey ytimg
http_access deny youtube_bvidkey
http_access deny youtube_bchvidkey
http_access allow youtube
http_access allow ctvnews_keyw ctvnews_scorecardresearch
http_access deny bdomains
http_access deny bdkeyw
http_access deny bkeyw
http_access allow CONNECT ssl_bdomains ethan_ipod
http_access allow CONNECT ssl_bkeyw ethan_ipod
http_access allow CONNECT ssl_bdomains ethan_android
http_access allow CONNECT ssl_bkeyw ethan_android
http_access deny CONNECT ssl_bdomains
http_access deny CONNECT ssl_bkeyw
http_access allow CONNECT ssl_googlewww_ca_com
http_access deny CONNECT ssl_googlewww_o
http_access allow gldomains
http_access deny dl_abortion
http_access deny dl_artnudes
http_access deny dl_lingerie
http_access deny dl_porn
http_access deny dl_sexuality
http_access deny dl_malware
http_access deny dl_phishing
http_access deny dl_spyware
http_access deny dl_ads
http_access deny dl_ads_exp
http_access deny proxy_keyw_domain
http_access deny vpn_keyw_domain
http_access deny dl_proxies
http_access deny dl_vpn
http_access allow router
http_access allow localhost
http_access allow localnetip
http_access allow localip
http_access allow localnet
http_access deny all
#############
#DELAY POOLS#
#############
#Specify number of delay pools
delay_pools 4
#Delay Pool 1
delay_class 1 1
delay_access 2 allow guestnet
delay_parameters 1 100000/150000
#Delay Pool 2
delay_class 2 1
delay_access 3 allow samsung_bluray1
delay_parameters 2 10000/25000
#Delay Pool 3
delay_class 3 1
delay_access 4 allow fakenet
delay_access 1 allow fakenet
delay_parameters 3 200000/250000
#Delay Pool 4 (Fast)
delay_class 4 1
delay_parameters 4 -1/-1
#COMMENT BELOW TO TURN ON CACHE!
cache deny all
#UNCOMMENT BELOW TO TURN ON CACHE!
# Uncomment and adjust the following to add a disk cache directory.
# cache_dir ufs /var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user proxy
cache_effective_group proxy
#Running out of file descriptors. Change from default 1024 to value specified
max_filedescriptors 4096
Squid worked flawlessly until I added the http_port 3129 line with the
ssl-bump and generate host certificates. After this, Squid now crashes
anywhere from 1 - 12 hours. This is some of the output of my cache.log
file (the reconfigure is when I added it, end is when I commented it
out to fix it not responding):
2014/04/12 21:40:29 kid1| Reconfiguring Squid Cache (version
3.3.3-20130321-r12517)...
2014/04/12 21:40:29 kid1| Closing HTTP port [::]:3128
2014/04/12 21:40:29 kid1| Closing HTTP port [::]:3129
2014/04/12 21:40:29 kid1| Closing HTTP port 0.0.0.0:3127
2014/04/12 21:40:29 kid1| Closing HTTPS port [::]:3128
2014/04/12 21:40:29 kid1| Closing HTTPS port 0.0.0.0:3126
2014/04/12 21:40:29 kid1| Logfile: closing log stdio:/var/log/squid/store.log
2014/04/12 21:40:29 kid1| Logfile: closing log stdio:/var/log/squid/access.log
2014/04/12 21:40:29 kid1| Startup: Initializing Authentication Schemes ...
2014/04/12 21:40:29 kid1| Startup: Initialized Authentication Scheme 'basic'
2014/04/12 21:40:29 kid1| Startup: Initialized Authentication Scheme 'digest'
2014/04/12 21:40:29 kid1| Startup: Initialized Authentication Scheme 'negotiate'
2014/04/12 21:40:29 kid1| Startup: Initialized Authentication Scheme 'ntlm'
2014/04/12 21:40:29 kid1| Startup: Initialized Authentication.
2014/04/12 21:40:30 kid1| Processing Configuration File:
/etc/squid/squid.conf (depth 0)
2014/04/12 21:40:30 kid1| Starting Authentication on port [::]:3127
2014/04/12 21:40:30 kid1| Disabling Authentication on port [::]:3127
(interception enabled)
2014/04/12 21:40:30 kid1| Disabling IPv6 on port [::]:3127
(interception enabled)
2014/04/12 21:40:30 kid1| Starting Authentication on port [::]:3126
2014/04/12 21:40:30 kid1| Disabling Authentication on port [::]:3126
(interception enabled)
2014/04/12 21:40:30 kid1| Disabling IPv6 on port [::]:3126
(interception enabled)
2014/04/12 21:40:37 kid1| WARNING: 'myport' ACL is not reliable for
interception proxies. Please use 'myportname' instead.
2014/04/12 21:40:37 kid1| UPGRADE: ACL 'myport' type is has been
renamed to 'localport' and matches the port the client connected to.
2014/04/12 21:40:37 kid1| WARNING: HTTP requires the use of Via
2014/04/12 21:40:37 kid1| Initializing https proxy context
2014/04/12 21:40:37 kid1| Initializing http_port [::]:3129 SSL context
2014/04/12 21:40:37 kid1| Using certificate in /usr/ssl/myCA.pem
2014/04/12 21:40:37 kid1| Initializing http_port 0.0.0.0:3127 SSL context
2014/04/12 21:40:37 kid1| Using certificate in /usr/ssl/myCA.pem
2014/04/12 21:40:37 kid1| Initializing https_port [::]:3128 SSL context
2014/04/12 21:40:37 kid1| Using certificate in /usr/ssl/myCA.pem
2014/04/12 21:40:37 kid1| Initializing https_port 0.0.0.0:3126 SSL context
2014/04/12 21:40:37 kid1| Using certificate in /usr/ssl/myCA.pem
2014/04/12 21:40:37 kid1| Logfile: opening log /var/log/squid/access.log
2014/04/12 21:40:37 kid1| WARNING: log parameters now start with a
module name. Use 'stdio:/var/log/squid/access.log'
2014/04/12 21:40:37 kid1| Squid plugin modules loaded: 0
2014/04/12 21:40:37 kid1| Adaptation support is on
2014/04/12 21:40:37 kid1| Logfile: opening log /var/log/squid/store.log
2014/04/12 21:40:37 kid1| WARNING: log parameters now start with a
module name. Use 'stdio:/var/log/squid/store.log'
2014/04/12 21:40:37 kid1| DNS Socket created at [::], FD 9
2014/04/12 21:40:37 kid1| DNS Socket created at 0.0.0.0, FD 10
2014/04/12 21:40:37 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2014/04/12 21:40:37 kid1| Adding nameserver 192.168.0.1 from /etc/resolv.conf
2014/04/12 21:40:37 kid1| HTCP Disabled.
2014/04/12 21:40:37 kid1| Loaded Icons.
2014/04/12 21:40:37 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 11 flags=9
2014/04/12 21:40:37 kid1| Accepting SSL bumped HTTP Socket connections
at local=[::]:3129 remote=[::] FD 12 flags=9
2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTP
Socket connections at local=0.0.0.0:3127 remote=[::] FD 13 flags=41
2014/04/12 21:40:37 kid1| Accepting HTTPS Socket connections at
local=[::]:3128 remote=[::] FD 14 flags=9
2014/04/12 21:40:37 kid1| Accepting NAT intercepted SSL bumped HTTPS
Socket connections at local=0.0.0.0:3126 remote=[::] FD 15 flags=41
2014/04/12 21:40:37 kid1| ERROR: listen( FD 14, [::] [ job9832],
1024): (98) Address already in use
2014/04/12 21:50:56 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 30: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2014/04/12 21:52:49 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 16: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2014/04/12 21:54:19 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 83: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2014/04/12 21:56:29 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://www.facebook.com/connect/ping?client_id=123026274413041&domain=www.computerworld.com&origin=2&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F8n77RrR4jg0.js%3Fversion%3D40%23cb%3Df202ceabcc%26domain%3Dwww.computerworld.com%26origin%3Dhttp%253A%252F%252Fwww.computerworld.com%252Ff2c32039bc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey
AKA www.facebook.com/connect/ping?client_id=123026274413041&domain=www.computerworld.com&origin=2&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F8n77RrR4jg0.js%3Fversion%3D40%23cb%3Df202ceabcc%26domain%3Dwww.computerworld.com%26origin%3Dhttp%253A%252F%252Fwww.computerworld.com%252Ff2c32039bc%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey
2014/04/13 17:57:07 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://www.electrolsupply.com/search.php?search=mk15rpnex
AKAwww.electrolsupply.com/search.php?search=mk15rpnex
2014/04/13 17:57:07 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://www.electrolsupply.com/search.php?search=mk15rpnex
AKAwww.electrolsupply.com/search.php?search=mk15rpnex
2014/04/13 17:57:10 kid1| WARNING: HTTP: Invalid Response: No object
data received for https://www.electrolsupply.com/images/visa.gif
AKAwww.electrolsupply.com/images/visa.gif
2014/04/13 19:54:30 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.ask.com%2Fquestion%2Fhow-fast-does-a-kx-85-go%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444064380%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
AKA twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.ask.com%2Fquestion%2Fhow-fast-does-a-kx-85-go%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444064380%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
2014/04/13 19:55:41 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.kgbanswers.com%2Fhow-fast-does-an-2008-kx-85-go%2F20871655%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444135127%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
AKA twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.kgbanswers.com%2Fhow-fast-does-an-2008-kx-85-go%2F20871655%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444135127%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
2014/04/13 19:56:23 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.ask.com%2Fquestion%2Fhow-fast-does-a-kawasaki-kx-85-go%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444177810%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
AKA twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22language%22%3A%22en%22%2C%22client_version%22%3A%221.1%3Am%3Ac%22%2C%22widget_origin%22%3A%22http%3A%2F%2Fwww.ask.com%2Fquestion%2Fhow-fast-does-a-kawasaki-kx-85-go%22%2C%22format_version%22%3A1%2C%22triggered_on%22%3A1397444177810%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
2014/04/13 19:56:24 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://fbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
AKAfbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
2014/04/13 19:56:24 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://fbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
AKAfbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
2014/04/13 19:56:24 kid1| WARNING: HTTP: Invalid Response: No object
data received for
https://fbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
AKAfbstatic-a.akamaihd.net/rsrc.php/v2/yF/r/_cwLgt2Vdyt.js
2014/04/13 22:08:08 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:08:24 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:08:40 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:08:56 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:09:12 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:09:28 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:09:44 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:10:00 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:10:16 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:10:32 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:10:48 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:11:04 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:11:20 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:11:36 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:11:52 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:12:08 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:12:24 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:12:40 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:12:56 kid1| WARNING! Your cache is running out of filedescriptors
2014/04/13 22:13:08 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39402 FD 62 flags=33: (2)
No such file or directory
2014/04/13 22:13:08 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39403 FD 63 flags=33: (2)
No such file or directory
2014/04/13 22:13:09 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39404 FD 88 flags=33: (2)
No such file or directory
2014/04/13 22:13:09 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:44412 FD 90 flags=33: (2)
No such file or directory
2014/04/13 22:13:10 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39405 FD 92 flags=33: (2)
No such file or directory
2014/04/13 22:13:10 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39406 FD 94 flags=33: (2)
No such file or directory
2014/04/13 22:13:11 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39407 FD 96 flags=33: (2)
No such file or directory
2014/04/13 22:13:11 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:45993 FD 98 flags=33: (2)
No such file or directory
2014/04/13 22:13:12 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39408 FD 100 flags=33: (2)
No such file or directory
2014/04/13 22:13:12 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39409 FD 102 flags=33: (2)
No such file or directory
2014/04/13 22:13:13 kid1| NF getsockopt(SO_ORIGINAL_DST) failed on
local=192.168.0.10:3126 remote=192.168.0.49:39410 FD 104 flags=33: (2)
No such file or directory
2014/04/13 22:22:14 kid1| WARNING! Your cache is running out of filedescriptors
I would really appreciate any ideas that anyone might have to fix this problem.
Thanks!
Received on Tue Apr 15 2014 - 00:10:37 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 15 2014 - 12:00:09 MDT
