[solved] SQUID again


zelo
25-02-2007, 19:11
squid.conf
http_port 3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

debug_options ALL,1

client_netmask 255.255.255.255

dns_nameservers

visible_hostname proxy

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

redirect_children 5
redirector_bypass on

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl nn-bank src 192.168.102.0/24
acl m-bank src 192.168.0.205/32

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow nn-bank
http_access allow m-bank

http_access allow localhost

http_reply_access allow all

icp_access allow all

error_directory /usr/lib/squid/errors/Russian-1251

coredump_dir /var/spool/squid

...with this config, on Linux Mandrake I run:
service squid start
...it prints
Запускается squid [OK]
...ps -A shows that squid is running as two instances.
...when another machine tries to reach a site through it, one of the squid processes changes its pid (that is, it restarts), the site does not load, and the browser says the page cannot be displayed, there you go!
...what is going on??? :-)
...help, guys! ...thanks in advance!

When started in debug mode:
[root@localhost squid]# squid -NCd1
It prints this:
2007/02/25 19:08:48| Starting Squid Cache version 2.5.STABLE3 for i586-mandrake-linux-gnu...
2007/02/25 19:08:48| Process ID 5704
2007/02/25 19:08:48| With 1024 file descriptors available
2007/02/25 19:08:48| Performing DNS Tests...
2007/02/25 19:08:48| Successful DNS name lookup tests...
2007/02/25 19:08:48| DNS Socket created at 0.0.0.0, port 32774, FD 4
2007/02/25 19:08:48| Adding nameserver 192.168.102.100 from /etc/resolv.conf
2007/02/25 19:08:48| helperOpenServers: Starting 5 'squidGuard' processes
2007/02/25 19:08:49| User-Agent logging is disabled.
2007/02/25 19:08:49| Unlinkd pipe opened on FD 14
2007/02/25 19:08:49| Swap maxSize 102400 KB, estimated 7876 objects
2007/02/25 19:08:49| Target number of buckets: 393
2007/02/25 19:08:49| Using 8192 Store buckets
2007/02/25 19:08:49| Max Mem size: 8192 KB
2007/02/25 19:08:49| Max Swap size: 102400 KB
2007/02/25 19:08:49| Rebuilding storage in /var/spool/squid (CLEAN)
2007/02/25 19:08:49| Using Least Load store dir selection
2007/02/25 19:08:49| Set Current Directory to /var/spool/squid
2007/02/25 19:08:49| Loaded Icons.
2007/02/25 19:08:49| Accepting HTTP connections at 0.0.0.0, port 3128, FD 15.
2007/02/25 19:08:49| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2007/02/25 19:08:49| Accepting HTCP messages on port 4827, FD 17.
2007/02/25 19:08:49| Accepting SNMP messages on port 3401, FD 18.
2007/02/25 19:08:49| WCCP Disabled.
2007/02/25 19:08:49| Ready to serve requests.
2007/02/25 19:08:49| Done scanning /var/spool/squid swaplog (0 entries)
2007/02/25 19:08:49| Finished rebuilding storage from disk.
2007/02/25 19:08:49| 0 Entries scanned
2007/02/25 19:08:49| 0 Invalid entries.
2007/02/25 19:08:49| 0 With invalid flags.
2007/02/25 19:08:49| 0 Objects loaded.
2007/02/25 19:08:49| 0 Objects expired.
2007/02/25 19:08:49| 0 Objects cancelled.
2007/02/25 19:08:49| 0 Duplicate URLs purged.
2007/02/25 19:08:49| 0 Swapfile clashes avoided.
2007/02/25 19:08:49| Took 0.3 seconds ( 0.0 objects/sec).
2007/02/25 19:08:49| Beginning Validation Procedure
2007/02/25 19:08:49| Completed Validation Procedure
2007/02/25 19:08:49| Validated 0 Entries
2007/02/25 19:08:49| store_swap_size = 0k
2007/02/25 19:08:50| storeLateRelease: released 0 objects
Then, as soon as a computer on the network loads a site through this proxy, the following happens:
2007/02/25 19:09:35| WARNING: redirector #1 (FD 6) exited
2007/02/25 19:09:41| WARNING: redirector #2 (FD 7) exited
2007/02/25 19:09:42| WARNING: redirector #3 (FD 8) exited
2007/02/25 19:09:44| WARNING: redirector #4 (FD 9) exited
2007/02/25 19:09:44| storeDirWriteCleanLogs: Starting...
2007/02/25 19:09:44| WARNING: Closing open FD 15
2007/02/25 19:09:44| Finished. Wrote 0 entries.
2007/02/25 19:09:44| Took 0.0 seconds ( 0.0 entries/sec).
FATAL: Too few redirector processes are running
Aborted
[root@localhost squid]#

....so that is how things are!

zelo
25-02-2007, 19:35
By trial and error I found that the cause is in these...
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
redirector_bypass on
...three lines of the config
so below is the config /etc/squid/squidGuard.conf
dbhome /usr/share/squidGuard-1.2.0
logdir /var/log/squid

rewrite mp3 {
s@.*\.mp3$@http://192.168.102.28/mp3/ntcrack.mp3@r
}

rewrite servicepk {
s@.*\w2ksp4_ru.exe$@http://192.168.102.28/ms-sp/w2ksp4_ru.exe@r
s@.*\MPsetup.exe$@http://192.168.0.208/ms-sp/MPsetup.exe@r
}

rewrite avpsvc {
s@.ftp.avp.ru/updates\.*$@ftp://oldmail.XXX.ru/pub/AVP/*@r
}

time workhours {
weekly mtwhf 08:00 - 19:30
date *-*-01 08:00 - 19:30
}

#
# REWRITE RULES:
#

#rew dmz {
# s@://admin/@://admin.foo.bar.no/@i
# s@://foo.bar.no/@://www.foo.bar.no/@i
#}

rew multimedia {
s@.*/*.(mp3|avi|wav|mov|mpeg)$@http://192.168.102.28/mp3/play.mp3@ir
s@.*/listen.pls$@listen2.pls@ir
# s@://www.XXX.ru/@://pomoika.XXX.ru/@i
}

src lock {
ip 192.168.102.233/32
}

src val {
# ip 192.168.102.233/32
}
src shibaev {
# ip 192.168.102.233/32
}

src admin {
ip 192.168.102.15/32
ip 192.168.102.19/32
}

src nn-kras {
# N-Novgorod
ip 192.168.102.0/24
}
# DESTINATION CLASSES:
#

dest drugs {
domainlist drugs/domains
urllist drugs/urls
}

dest noicq {
domainlist noicq/domains
expressionlist noicq/expressions
}

dest novirus {
domainlist virus/domains
}

dest valuta {
domainlist valuta/domains
}

dest kep {
domainlist kep/domains
}

dest good {
domainlist good/domains
urllist good/urls
expressionlist good/expressions
}
dest krasru {
domainlist krasru/domains
}

dest good_spylog {
domainlist goodsp/domains
# urllist good/urls
}

dest icq-https {
domainlist icq-https/domains
# urllist drugs/urls
}

dest badurl {
domainlist bad-url/domains
urllist bad-url/urls
expressionlist bad-url/expressions
redirect 302:http://192.168.102.28/eye.html
}

dest badexp {
expressionlist bad-exp/expressions
}

dest icq-ban {
expressionlist icq-ban/expressions
redirect 302:http://192.168.102.28/noicq.html
}

dest bad-exp1 {
expressionlist bad-exp1/expressions
}

dest local {
domainlist locals/domains
urllist locals/urls
expressionlist locals/expressions
}

dest porno {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
redirect 302:http://192.168.102.28/eye.html
log /var/log/squid/porno.log
}

dest ads {
domainlist ads/domains
expressionlist ads/expressions
urllist ads/urls
redirect 302:http://192.168.102.28/icons/empty.gif
log /var/log/squid/banners.log
}

dest gambling {
domainlist gambling/domains
urllist gambling/urls
}

dest games {
domainlist games/domains
urllist games/urls
redirect 302:http://192.168.102.28/eye.html
}

dest microsoft {
domainlist ms/domains
# urllist ms/urls
}

dest avi {
domainlist audio-video/domains
urllist audio-video/urls
expressionlist audio-video/expressions

}

dest agressor {
domainlist aggressive/domains
urllist aggressive/urls
}


dest mailers {
domainlist mail/domains
urllist mail/urls
}

dest proxysrv {
domainlist proxy/domains
urllist proxy/urls
redirect 302:http://192.168.102.28/eye.html
}

dest waresz {
domainlist warez/domains
urllist warez/urls
}

acl {
lock {
pass krasru none
}
val {
pass valuta krasru none
}
admin {
pass good !icq-ban !novirus any
}
shibaev {
pass good !icq-ban !novirus !ads !badexp !badurl !agressor !porno !gambling !games !waresz !avi !proxysrv any
rewrite multimedia
}
nn-kras {
pass good !icq-ban !novirus !ads !badexp !drugs !badurl !agressor !porno !gambling !games !waresz !avi !proxysrv any
rewrite multimedia
}
default {
pass none
redirect http://192.168.102.28/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&url=%u
}
}

must die
26-02-2007, 08:09
zelo

What does squidGuard -d give?

zelo
26-02-2007, 08:49
If I run it like this:
[root@localhost squid]# squidGuard -d
...it says it cannot find the config file at /etc/squidGuard/squidGuard.conf
If I run it like this:
[root@localhost squid]# squidGuard -d -c /etc/squid/squidGuard.conf
...then the following appears in the console:
2007-02-26 08:48:02 [15030] sourceblock lock missing active content, set inactive
2007-02-26 08:48:02 [15030] sourceblock val missing active content, set inactive
2007-02-26 08:48:02 [15030] sourceblock shibaev missing active content, set inactive
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/drugs/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/drugs/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/drugs/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/drugs/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/noicq/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/noicq/domains.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/noicq/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/virus/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/virus/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/valuta/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/valuta/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/kep/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/kep/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/good/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/good/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/good/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/good/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/good/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/krasru/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/krasru/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/goodsp/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/goodsp/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/icq-https/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/icq-https/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/bad-url/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/bad-url/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/bad-url/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/bad-url/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-url/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-exp/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/icq-ban/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-exp1/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/locals/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/locals/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/locals/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/locals/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/locals/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/porn/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/porn/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/porn/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/porn/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/porn/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/ads/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ads/domains.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/ads/expressions
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/ads/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ads/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/gambling/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/gambling/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/gambling/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/gambling/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/games/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/games/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/games/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/games/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/ms/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ms/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/audio-video/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/audio-video/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/audio-video/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/audio-video/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/audio-video/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/aggressive/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/aggressive/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/aggressive/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/aggressive/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/mail/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/mail/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/mail/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/mail/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/proxy/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/proxy/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/proxy/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/proxy/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/warez/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/warez/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/warez/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/warez/urls.db
2007-02-26 08:48:02 [15030] squidGuard 1.2.0 started (1172468882.860)
2007-02-26 08:48:02 [15030] recalculating alarm in 38518 seconds
2007-02-26 08:48:02 [15030] squidGuard ready for requests (1172468882.878)

must die
26-02-2007, 09:30
zelo

What if you first su "name of the user squid runs as", and try to start everything by hand as that user? Maybe permissions are missing somewhere.

gf100
26-02-2007, 09:39
zelo
Something tells me that access to http://192.168.102.28 should not go through the proxy. Also, check whether a web server is running at that address.
And the standard thing: access permissions on directories and files.
I have also come across another piece of advice: use rejik. I use it myself :). If it does not work out with squidGuard, take a look, you might like it.

zelo
26-02-2007, 10:13
permissions on all the needed files, namely:
/etc/squid/*
/usr/share/squidGuard.../*
/var/log/squid/*
/var/spool/squid/*
...I set to mode 0666, and set the owners and groups to nobody
...and it does not work!

zelo
26-02-2007, 10:27
...I figured it out, guys!
...I simply needed to give some files mode 0777 instead of 0666.
...thanks, everyone!
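
An added example, not part of the thread and not code from squid or squidGuard: a mode audit of the list files and directories that a squidGuard.conf refers to, following the permissions advice given above. It flags a directory whose owner lacks the x bit (mode 0666 on a directory removes it, so files inside cannot be opened) and anything world-writable (what mode 0777 produces). The function names `list_paths`, `audit_conf` and `make_sample`, and the sample tree and config, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the modes of the list files and
# directories a squidGuard.conf refers to. Octal masks are matched against
# the mode bits, so the result does not depend on who runs the check.

# Print each list file named in the config, resolved against dbhome.
list_paths() {
    awk '$1 == "dbhome" { home = $2 }
         $1 ~ /^(domainlist|urllist|expressionlist)$/ { print home "/" $2 }' "$1"
}

# One finding per line. NOSEARCH: a directory whose owner lacks the x bit.
# WORLDWRITE: a directory or list file that any local user may modify.
audit_conf() {
    list_paths "$1" | while read -r f; do
        d=$(dirname "$f")
        find "$d" -prune -type d ! -perm -100 2>/dev/null | sed 's/^/NOSEARCH /'
        find "$d" "$f" -prune -perm -002 2>/dev/null | sed 's/^/WORLDWRITE /'
    done | sort -u
}

# Build a constructed sample tree and config under directory $1.
make_sample() {
    mkdir -p "$1/db/ads" "$1/db/porn" "$1/db/good"
    for c in ads porn good; do
        : > "$1/db/$c/domains"
        chmod 644 "$1/db/$c/domains"
    done
    chmod 666 "$1/db/ads"                        # directory loses its x bit
    chmod 777 "$1/db/porn" "$1/db/porn/domains"  # world-writable dir and file
    chmod 755 "$1/db/good"                       # owner-writable only
    cat > "$1/squidGuard.conf" <<EOF
dbhome $1/db
dest ads {
 domainlist ads/domains
}
dest porn {
 domainlist porn/domains
}
dest good {
 domainlist good/domains
}
EOF
}

# Demonstration on the constructed tree; cleaned up afterwards.
t=$(mktemp -d)
make_sample "$t"
audit_conf "$t/squidGuard.conf"
chmod 755 "$t/db/ads"; rm -rf "$t"
```

On a real host, pass the actual config path to `audit_conf`; an empty result means every referenced directory is searchable by its owner and nothing is world-writable.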

zelo
27-02-2007, 09:59
another question (turns out it is not solved yet!):

why doesn't squidGuard generate statistics???


...the configs are above

gf100
27-02-2007, 10:45
"why doesn't squidGuard generate statistics???"
Is it supposed to??? Actually, for collecting statistics people hook up SARG or something simpler, LightSquid; there are also perl scripts.

zelo
27-02-2007, 14:30
....I did not know :-).
....we will install it right now!




© OSzone.net 2001-2012