
Re: simplest way to block (and drop) 1 'user'(computer) using 1 specific 'URL' ??


 



On 11/02/11 17:22, Linda Walsh wrote:




I purchased a little toaster-sized HP home-server that I haven't fully made
use of, but that does have an annoying feature. It's **constantly** sending
messages to a ms-server. Maybe it's some sort of I'm alive pulse, but it's
annoyingly filling up my squidlog, and always using up/interrupting
normal traffic in __minor__ amounts as it constantly does an HTTP
version of a ping that runs *almost* all the time.

Here's a snippet from a 'cooked' log format I use to give me a quick
view into what's going w/squid:
+0.19 182ms; ln=1579 (8.5K/8.4K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
+0.18 173ms; ln=1579 (8.9K/8.9K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
+0.17 164ms; ln=1579 (9.4K/9.3K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
+0.20 191ms; ln=1579 (8.1K/8.0K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
+0.15 145ms; ln=1579 (10.6K/10.5K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
-------

It just keeps going like this -- occasionally it will stop for a few minutes,
but most of the time it's doing these little several-K requests.
Is there an easy way in squid to say "if requester='home-server' and
request address = 'http://sqm.microsoft.com/sqm/Windows/sqmserver.dll',
then DROP the request (and issue nothing in the log)"?

There are more crude methods of shutting up, like one time, since it is
going through the proxy-server to get to the outside world, I just threw
in an ipchains rule to ignore it altogether. Fast, but a bit crude. I
don't want to cut off all internet access -- just that one, constant
droning request that just goes on and on...(filling logs, but most of
all, always reducing my full bandwidth)...

What a pain in the butt!

Talk about products that 'phone home'....This one whines to home about 5
times/second! LAME!

I currently have no other filtering going on in my squid files, so I'm
not really sure where to start. Do I need to write an external helper
and filter all traffic through it? That sounds like overkill -- and I'd
really not wish to slow down traffic from other stations -- I already
get too many 'sorry but your browser is configured to use a proxy which
is not responding' messages, now, as it is -- and ***I'M THE ONLY
USER!!!***... (very sad when 1 user can overwhelm a proxy server
designed to handle hundreds (if not thousands) of users... But that's a
question for another day (like after I've pulled the latest source and
tried it to see if it is fixed...;-))....


That 403 is Squid or something upstream blocking the requests. So the speed of calls is likely due to badly programmed retries.

You could block this in Squid with:
  acl SQM dstdomain sqm.microsoft.com
  http_access deny SQM

and prevent logging of its requests with
  access_log none SQM

But neither of those will help with the bandwidth consumption between Squid and the problem box. Likely only finding out the cause of the call-home and killing it will do that.

These may help with the latter:

http://www.neowin.net/forum/topic/439244-what-are-these-sqm-files/page__st__30__p__589093549#entry589093549

http://www.neowin.net/forum/topic/439244-what-are-these-sqm-files/page__st__30__p__588689642#entry588689642

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.4
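
An added example, not part of Amos's reply: a squid.conf fragment that narrows the block to the one client and the one URL named in the original question, and resets the connection instead of returning an error page. The address 192.0.2.10 and the ACL names `homeserver` and `sqm_url` are assumptions; substitute the home server's real address.

```conf
# Assumption: 192.0.2.10 is a placeholder for the home server's address.
acl homeserver src 192.0.2.10

# The domain ACL from the reply, plus an ACL for the path seen in the log.
acl SQM dstdomain sqm.microsoft.com
acl sqm_url urlpath_regex ^/sqm/Windows/sqmserver\.dll

# ACLs listed on one http_access line are ANDed, so only this client
# requesting this path on this domain is denied. Place the line above the
# http_access allow rules: the first matching line decides.
http_access deny homeserver SQM sqm_url

# deny_info is keyed on the last ACL of the deny line that matched.
# TCP_RESET makes Squid reset the client connection instead of sending
# the HTML error page back for every retry.
deny_info TCP_RESET sqm_url

# Keep these denied requests out of the access log. Place this above the
# existing access_log line: access_log entries are processed in order and
# a matching "none" entry stops logging for that request.
access_log none homeserver SQM sqm_url
```

Check the file with `squid -k parse` and apply it with `squid -k reconfigure`.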

