Search squid archive

Re: Squid3 issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Amos,
Thanks again for your reply, I have tried these two links, I have used them for one server at a time, or maybe the issue is that I was trying to access the backend Server which is currently running in virtualhost mode and holds the 3 websites.

As I said before I have completely uninstalled the previous Squid, I reinstalled it again this time, configured it and compiled it (manually) I had some issues with permissions, first the cache logs and then the swap file directory but it's all sorted.
Now when ever I start Squid with
Squid -NCd 10
I check if everything is running ok, so I get this warning:

ClientParseRequestMethod: Unsupported method attempted by : 111.118.144.225
This is not a bug. see Squid.conf  extension methods
ClientProcess Invalid Request.

Let me just point out that first I have no idea where this IP originate from, I tried Dnsstuff to figure out where it's coming from, I am not sure if it's a Google crawler or someone else, the information wasn't clear.
But it's definitely not one of my IPs
Second, the proxy at the moment is behind a router and is not connected to any of "Local" clients yet, I wanted to run it first before I can connect it as a "Proxy-Router" How can I prevent this from accessing it because it's persisting connection it will soon cripple the server.

Does anyone know who owns this IP address please? 111.118.144.225

All I got as info is this
Location: Cambodia [City: Phnom Penh, Phnum Penh]Maybe I need to block their IP if I can.At the moment the proxy server is set as a standalone machine connected through a router so I can't understand why is it gettingthese requests, from outside.Any ideas please?RegardsAdam----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, March 19, 2010 2:53 PM
Subject: Re:  Squid3 issues


Adam@Gmail wrote:
Hi Amos,
Thanks for your comments, All I was doing is hit reply, this is the very first time ever I used any mailing list It doesn't matter anymore, I am sorry if I offended anyone, it was not my intention, when I get an email I simply hit reply I will try and solve my problems, and if I do get it to work I will certainly post the solution for future users who might face the same problem

As for now, I just want to thank you all

I have previously installed an older version of Squid compiled it manually it wasn't the one packaged with the OS (Ubuntu hardy) after few days trying to get it to work, I mean as a reverse proxy, with no luck, I removed it, tried the version 3.0 the one that was packaged with the Os, I got as far as allowing clients on my network to have access to the internet and most of other applications on windows XP couldn't connect.

Windows apps sadly often have to be individually configured for the proxy. A lot are not able to use proxies at all.

For the MS software on WindowsXP, set the IE "Internet Options" then at the command line running "proxycfg -u". That proxycfg -u seems trivial, but it is seriously important for Windows XP or a lot of HTTP service stuff in the background will not work even with IE set correctly. Also worth noting is that proxy auto-detect is not done by several of the back-end libraries either. Including windows update :(


anyway this time around I have downloaded it again configured it compiled it and installed it, it's not starting but this is a minor problem, it's a permission issue rather than anything else.

I just want to say, thank you all, If I do get it to work I will post the solution as promised if not that means I have moved on and no longer using Squid3.

I will break it down for others to see and it will hopefully help others:

Here it is:

1) Machine A Proxy-Router
2) Machine DSN DHCP
3) Web-server One     www.example.com
4) Web-server Two    www.example.org
5) Web-server Three  www.example.net
6) IRC-server / Digichat server
Plus 5 Windows clients

I wanted a proxy server in the for two good reasons, one is for loadbalancing and second for an extra layer of security Currently I have all of the three websites above running on a single machine on a virtualhosts, but it's too much for one machine to handle all the requests.

I always wanted to use a proxy server but I was putting it off.
a) I knew it was going to be a challenge
b) I was trying to get sometime off in order to do it properly
Basically all I wanted for now is to forward all requests to the relevant backend servers, to which I knew it was going to be a challenge


The "IRC-server / Digichat server" may not be proxy-able at all through Squid. It depends if they use HTTP services, or if they are accessible via HTTP.


For the reverse proxying of your websites:
pick one of the web servers to start with and this is the wiki article you need for that website:
  http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Note, the config settings must be going in above all the default http_access lines currently in your config. The default http_access are for forward-proxy and will block external access.

Then when thats tested and working, this config describes what to add to the above to get multiple websites from multiple servers:
  http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers


At this point or even with just one server setup you may hit the FD overload problem again.

Why: Squid uses 2-3 FD for every request (client, cache file, and maybe server connections) and clients like making 4-16 requests in parallel each these days and make them is persistent for many minutes at a stretch. FD run out fast. For reverse-proxies on a fairly used site it may be a good idea to have many FD available to Squid (64K or even 128K has been cited a needed).


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux