On 28.03.2012 13:52, Spam Eater wrote:
Hi, I am using squid as a transparent proxy, with the purpose of caching local content so I can save bandwidth and accelerate frequently used pages. My problem is that squid is permanently fetching content from the internet, and I don't know why. I have deleted, then recreated the cache dir with -z several times, but I always see traffic from squid with tcpdump. This is puzzling me. It seems to crawl to the most weird sites. I thought squid would only go to the internet after a user requests a page, but I have nobody connected to the server. I initially found it weird that the CPU was always working for squid (5%~10%) with no one connected, then I found this. Can someone please shed a light on the subject? I have researched the FAQ and wiki, but I might be looking with the wrong keywords... I found nothing on this matter.
Check your manager access "mgr:active_requests" report to see what clients are connected and requesting things.
It could be quick_abort functionality completing a previous client's requests in order to cache the response. Or it could be a client is active doing a long request which is simply not yet logged (happens on request completion, not start). Or it could be that an attacker got past your security controls and is relaying through the proxy.
Amos
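
As an added example (not part of the original thread), the following Python sketch checks the third possibility above by listing which client addresses appear in Squid's native-format access.log and flagging any that fall outside the networks expected to use the proxy. The network list, function names and sample log lines are constructed assumptions. Because requests are logged only on completion, this complements the "mgr:active_requests" report rather than replacing it.

```python
import ipaddress
from collections import Counter

# Assumption: networks allowed to use the proxy; adjust to match your own ACLs.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("192.168.0.0/16", "10.0.0.0/8", "127.0.0.0/8")]

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1332935520.101    245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.10 text/html
1332935521.450     12 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1332935530.007   1830 198.51.100.23 TCP_MISS/200 48211 GET http://odd-site.example.net/a - DIRECT/203.0.113.77 text/html
1332935531.900    950 198.51.100.23 TCP_MISS/200 912 CONNECT mail.example.org:25 - DIRECT/203.0.113.80 -
this line is malformed
"""

def parse_line(line):
    """Return (client, method, url) for a native-format line, or None."""
    fields = line.split()
    if len(fields) < 10:
        return None  # truncated or non-native line
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None  # client field is not an IP address
    return client, fields[5], fields[6]

def summarize(log_text):
    """Count requests per client; collect requests from non-local clients."""
    per_client = Counter()
    external = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, method, url = rec
        per_client[str(client)] += 1
        if not any(client in net for net in LOCAL_NETS):
            external.setdefault(str(client), []).append((method, url))
    return per_client, external

if __name__ == "__main__":
    counts, external = summarize(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip:15} {n:4} requests")
    for ip, reqs in external.items():
        print(f"UNEXPECTED CLIENT {ip}:")
        for method, url in reqs:
            print(f"    {method} {url}")
```

Any address reported as an unexpected client is worth comparing against the proxy's http_access rules and the firewall rules in front of it.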