Hi there!
We are running squid on a debian linux box configured with wccp to a
Cisco router. Recently, we patched the squid to resolve Denial of
service with forged WCCP messages problem. #1190. We have also
enabled features, such as unicast reverse path forwarding (uRPF), on
your routers and switches
to prevent spoofed packets from reaching Squid.
However, after 1 to 2 days, the router will not redirect the web
traffic to the squid, even though on the Cisco router is able to see
the squid:
router#sho ip wccp web-cache view
WCCP Routers Informed of:
-none-
WCCP Cache Engines Visible:
192.168.88.3
We have traced the time the problem happend, here are the log files:
>From the squid cache.log file, we see the following logs:
---------------------------------------------------------------------------------
2005/02/01 17:38:10| Request header is too large (12287 bytes)
2005/02/01 17:38:10| Config 'request_header_max_size'= 10240 bytes.
2005/02/01 17:38:10| Ignoring WCCP_I_SEE_YOU from 192.168.88.3
with non-positive number of caches
2005/02/01 17:38:10| Request header is too large (12287 bytes)
2005/02/01 17:38:10| Config 'request_header_max_size'= 10240 bytes.
2005/02/01 17:40:59| this be aioCancel
2005/02/01 17:40:59| Ignoring WCCP_I_SEE_YOU from 192.168.88.3 with
non-positive number of caches
>From the router, we see the following logs:
---------------------------------------------------------------------------------
Feb 1 17:38:06.341 SGT: %WCCP-1-CACHELOST: Web Cache 192.168.88.3 lost
Feb 1 17:38:20.821 SGT: %WCCP-5-CACHEFOUND: Web Cache 192.168.88.3 acquired
Feb 1 17:38:50.817 SGT: %WCCP-1-CACHELOST: Web Cache 192.168.88.3 lost
Feb 1 17:41:09.622 SGT: %WCCP-5-CACHEFOUND: Web Cache 192.168.88.3 acquired
The following is the information of the squid we are using:
---------------------------------------------------------------------------------
dpkg -s squid
Package: squid
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 4952
Maintainer: Luigi Gangitano <luigi@xxxxxxxxxx>
Version: 2.4.6-2woody5
Replaces: squid-novm
Depends: libc6 (>= 2.2.4-4), libldap2 (>= 2.0.23-1), netbase, adduser,
logrotate (>= 3.5.4-1)
Pre-Depends: debconf (>= 0.2.17)
Suggests: squidclient, squid-cgi
Conflicts: squid-novm, sarg (<< 1.1.1-2)
Conffiles:
/etc/init.d/squid dacc7aabf8f95a82b1bacfb021e53cb4
/etc/logrotate.d/squid 04a97ec018c01cd54851de772812067f
Description: Internet Object Cache (WWW proxy cache)
This is the Squid Internet Object Cache developed by the National
Laboratory for Applied Networking Research (NLANR) and Internet
volunteers. This software is freely available for anyone to use. The
Squid home page is http://www.squid-cache.org/
When the problem happened, even restarting of the squid on the
server will not work.
The only way to resolve it is to enable and disable the wccp on the
Cisco router.
Is anyone encountering the same problem? We appreciate any help or
pointers to resolve this problem. Thanks a lot in advance!
Best regards
Goh Sek Chye
