Adam@Gmail wrote:
Hi Amos,
Thanks again for your reply, I have tried these two links, I have used
them for one server at a time, or maybe the issue is that I was trying
to access the backend Server which is currently running in virtualhost
mode and holds the 3 websites.
As I said before I have completely uninstalled the previous Squid, I
reinstalled it again this time, configured it and compiled it (manually)
I had some issues with permissions, first the cache logs and then the
swap file directory but it's all sorted.
Now when ever I start Squid with
Squid -NCd 10
I check if everything is running ok, so I get this warning:
ClientParseRequestMethod: Unsupported method attempted by : 111.118.144.225
This is not a bug. see Squid.conf extension methods
ClientProcess Invalid Request.
The line above (or maybe below) should indicate what request methods was
used. If it looks like garbage it is not HTTP.
This is caused commonly by apps which send their non-HTTP stuff
through port 80.
Or, by overly wide DNAT / interception rules grabbing non-80 ports and
pushing their data into Squid.
Let me just point out that first I have no idea where this IP originate
from, I tried Dnsstuff to figure out where it's coming from, I am not
sure if it's a Google crawler or someone else, the information wasn't
clear.
Well, it is probably coming for outside your network and being set to
your Squid.
But it's definitely not one of my IPs
Second, the proxy at the moment is behind a router and is not connected
to any of "Local" clients yet, I wanted to run it first before I can
connect it as a "Proxy-Router"
How can I prevent this from accessing it because it's persisting
connection it will soon cripple the server.
Does anyone know who owns this IP address please? 111.118.144.225
The whois tool is a first step to finding out:
whois 111.118.144.225
I wont publish their contact details here, but the whois command will
show them to you if you really need them. It's one of their customers
probably.
All I got as info is this
Location: Cambodia [City: Phnom Penh, Phnum Penh]Maybe I need to block
their IP if I can.At the moment the proxy server is set as a standalone
machine connected through a router so I can't understand why is it
gettingthese requests, from outside.Any ideas please?
Firstly, check your firewall rules that public traffic really is not
being explicitly sent to the proxy yet.
If you can confirm that it really should not, add an iptables rule to
DROP packets coming from it before they go anywhere.
Maybe you face an attack or an infected/insecure machine already on your
network. Either way its worth finding out more about what that IP is/was
doing and why.
Amos
Amos wrote:
Adam@Gmail wrote:
Hi Amos,
Thanks for your comments, All I was doing is hit reply, this is the
very first time ever I used any mailing list
It doesn't matter anymore, I am sorry if I offended anyone, it was
not my intention, when I get an email I simply hit reply
I will try and solve my problems, and if I do get it to work I will
certainly post the solution for future users who might face the same
problem
As for now, I just want to thank you all
I have previously installed an older version of Squid compiled it
manually it wasn't the one packaged with the OS (Ubuntu hardy)
after few days trying to get it to work, I mean as a reverse proxy,
with no luck, I removed it, tried the version 3.0 the one that was
packaged with the Os, I got as far as allowing clients on my network
to have access to the internet and most of other applications on
windows XP couldn't connect.
Windows apps sadly often have to be individually configured for the
proxy. A lot are not able to use proxies at all.
For the MS software on WindowsXP, set the IE "Internet Options" then
at the command line running "proxycfg -u".
That proxycfg -u seems trivial, but it is seriously important for
Windows XP or a lot of HTTP service stuff in the background will not
work even with IE set correctly.
Also worth noting is that proxy auto-detect is not done by several of
the back-end libraries either. Including windows update :(
anyway this time around I have downloaded it again configured it
compiled it and installed it, it's not starting but this is a minor
problem, it's a permission issue rather than anything else.
I just want to say, thank you all, If I do get it to work I will post
the solution as promised if not that means I have moved on and no
longer using Squid3.
I will break it down for others to see and it will hopefully help
others:
Here it is:
1) Machine A Proxy-Router
2) Machine DSN DHCP
3) Web-server One www.example.com
4) Web-server Two www.example.org
5) Web-server Three www.example.net
6) IRC-server / Digichat server
Plus 5 Windows clients
I wanted a proxy server in the for two good reasons, one is for
loadbalancing and second for an extra layer of security
Currently I have all of the three websites above running on a single
machine on a virtualhosts, but it's too much for one machine to
handle all the requests.
I always wanted to use a proxy server but I was putting it off.
a) I knew it was going to be a challenge
b) I was trying to get sometime off in order to do it properly
Basically all I wanted for now is to forward all requests to the
relevant backend servers, to which I knew it was going to be a challenge
The "IRC-server / Digichat server" may not be proxy-able at all
through Squid. It depends if they use HTTP services, or if they are
accessible via HTTP.
For the reverse proxying of your websites:
pick one of the web servers to start with and this is the wiki
article you need for that website:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
Note, the config settings must be going in above all the default
http_access lines currently in your config. The default http_access
are for forward-proxy and will block external access.
Then when thats tested and working, this config describes what to add
to the above to get multiple websites from multiple servers:
http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
At this point or even with just one server setup you may hit the FD
overload problem again.
Why: Squid uses 2-3 FD for every request (client, cache file, and
maybe server connections) and clients like making 4-16 requests in
parallel each these days and make them is persistent for many minutes
at a stretch. FD run out fast.
For reverse-proxies on a fairly used site it may be a good idea to
have many FD available to Squid (64K or even 128K has been cited a
needed).
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
