Amos Jeffries-2 wrote
On 25/02/2013 12:30 a.m., Ahmad wrote:
hello ,
thanks Amos , ive modified the config file as u suggested .
after removing the raid 0 , ive noted a better performance .
=============================================================
in general , browsing speed is lower than the speed in the absence of
squid
, but any way it is acceptable and i wish to enhance it as i can !
======================================================
As i mentioned in the beginning , i have an excellent hardware with about
32
G ram.
but i have major problem in squid-guard !!
after sometime it begins to bypass!!!!!!
i searched to use dansguardian instead of squid-guard but it seems that
dansguardian is not compatible with tproxy !!===> seems as shook to me !
==================================================
i have pumped only 1000 users with about 150-180 M only !!!!
here is the log of squidguard !
==============
2013-02-24 06:25:32 [17282] Warning: Possible bypass attempt. Found
multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_fairy_gingerbread_surprise_2-UI_VG_SELECTOR_PACK-android.zip
Ah I see. SquidGuard is detecting what it reports as "bypass attempt".
This is NOT squidguard being bypassed.
There is a type of Web server attack *called* a "bypass attack" which
was designed to use multiple slashes like // or ./ or ../ to trick
simple URL matching security rules (like Squidguard appears to be using)
into ignoring parts of the URL. Any pattern match regex which you are
applying on the URL looking for the "http://"; by ignoring the "http:"
portion and identifying the "//" portion as the start will ignore the
real domain name, attack login details, and maybe some of the path.
However "//" is not necessarily a wrong patten. The author of the
website determines what the URL syntax is, so if the web server the URL
is supposed to be handled by can cope with it correctly that is a valid
URL.
2013-02-24 06:27:04 [17282] Warning: Possible bypass attempt. Found a
trailing dot in the domain name:
http://www.google.ps/xjs/_/js/s/sy15,gf,adnsp,wta,sy5,sy45,sy47,sy6,sy50,sy46,sy51,sy7,sy48,sy53,sy54,sy49,sy52,adct,ssi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
"Trailing dot" ??
Oh I see. .http://.... C1O10.en_US./
Whatever URL match squidGuard is testing there is *VERY* broken. Only
[a-zA-Z0-9\-\.\:] are permitted characters in domain names (or raw-IP
whch can also be there). squidGuard pattern is currently is allowing _ ,
/ = and probably # and ? as well I guess.
You need to fix that pattern *immediately* regardless of whatever else
you do about squidGuard.
[root@squid ~]#
==============================
here is a sample of cache.log file:
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters
{Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters
{Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters
{Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:18| WARNING: HTTP header contains NULL characters
{Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/24 06:24:41| clientProcessRequest: Invalid Request
2013/02/24 06:25:00| clientProcessRequest: Invalid Request
2013/02/24 06:25:04| clientProcessRequest: Invalid Request
2013/02/24 06:25:07| clientProcessRequest: Invalid Request
2013/02/24 06:25:09| helperHandleRead: unexpected reply on channel 0 from
redirector #1 ''
The squidGuard helper is sending Squid more lines of response than Squid
sent lines of requests.
It looks like something is causing an extra newline at the end of a
response.
The above happening will cause that squidGuard helper to be killed and a
new one to be started. This process will slow down your Squid with a
small pause as the new helper is started. If it happens often that could
be a large part of your speed problem.
Amos
Hi Mr Amos ,
thanks very much for explanation .
thanks Marcus ,
so ,
you mentioned that i have to fix the ... and // in squidguard !! how could
i fix it ??!!!!!!
i want to say something !
ive removed squid 1.4 and installed squidguard 1.5 beta version .
after that ,
no bypass happened :)
i mean that it was seem to be problem of squidguard .
i read that there is a bugs in squidguard in bypass , and i found squid 1.5
is better .
i pumped 2000 users to squid with BW 200M and no by pass occured
this is one issue ,
now lets return to the issue of slow browsing ,
agian , the browsing is not very bad , but it is acceptable anyway and less
quality than in absense of squid .
i dont know if it was because of my hardsiks !!
my disks are as bellow :
hd1==>ssd with 180 G as operating system
hd2==>sata with 560 G as /cache1 storage
hd3==>sata with 560 G as /cache2 storage
hd4===>sata with 560 G as /cache3 storage
now i dont know if i need more hardiks additional to hd2, hd3 , hd4 ?
or i need to replace them by ssd ?
or i need to use another file system to enhacne the speed ?
You may advice me Mr Amos about the best choice :)
===========================
now , after all of modification i did,
i mean after i used squidguard 1.5 beta , i will post my logs of squidguard
and cache..log
note that im still using squid 3.1.0 , i downloaded it by yum install !
============================
squidguard.log
*2013-02-25 03:09:01 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:01 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:02 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=27530109
2013-02-25 03:09:02 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/59319.flv?start=0
2013-02-25 03:09:03 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=36350022
2013-02-25 03:09:03 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4192445453826003354/mchpid/9/url/
2013-02-25 03:09:04 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4192445453826003354
2013-02-25 03:09:05 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=40931608
2013-02-25 03:09:05 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/4192445453826003354
2013-02-25 03:09:05 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4192445453826003354
2013-02-25 03:09:07 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=34456811
2013-02-25 03:09:08 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://apr.lijit.com///www/delivery/ajs.php?zoneid=158508&username=888media&numAds=1&premium=1&eleid=lijit_region_158508&abf=true&tid=158508_1361779751247417e33a3f00a&lijit_kw=&cb=3200&flv=11.6.602&time=10:09:11&ifr=1&loc=http://c.ztstatic.com/youtube_728x90_196.htm?clientId=4f95c1f8-b4f8-4e48-b9ed-685f89c82b48&od=c.ztstatic.com&referer=http://c.ztstatic.com/youtube_728x90_196.htm?clientId=4f95c1f8-b4f8-4e48-b9ed-685f89c82b48
2013-02-25 03:09:12 [8262] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,dise,miuv,ivf,mld,lu,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:12 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,dise,miuv,ivf,mld,lu,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:15 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://ds.serving-sys.com/BurstingRes///Site-38682/Type-2/0eb14c41-4ef9-4160-a7d0-0725c9d5947b.swf
2013-02-25 03:09:15 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.back4allah.com//photo/banner/ma.lel3qol.gif
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//24-02-2013/130x87/0382984368.jpg
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//24-02-2013/90x70/VMP51111.jpg
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=0/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:16 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=0/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:19 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=36350022
2013-02-25 03:09:20 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.stqou.com/games//2784/طظƒط§ظٹط§طھ_ط®ط±ط§ظپظٹط©_-_ط§ظ„ط®ط±ظٹظپ..html
2013-02-25 03:09:20 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.stqou.com/games//2784/طظƒط§ظٹط§طھ_ط®ط±ط§ظپظٹط©_-_ط§ظ„ط®ط±ظٹظپ..html
2013-02-25 03:09:21 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.bayt4.com/upload//uploads/images/bayt4.com35c877fdeb.jpg
2013-02-25 03:09:22 [8263] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=39257474
2013-02-25 03:09:23 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,miuv,ivf,mld,lu,tnt,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:23 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,miuv,ivf,mld,lu,tnt,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:24 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected: http://www.stqou.com/games//2784/[ii]
2013-02-25 03:09:24 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected: http://www.stqou.com/games//2784/[>]
2013-02-25 03:09:25 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.sparkimg.com//forum/icons/FacebookButton.gif
2013-02-25 03:09:25 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.sparkimg.com//universal/indicator_big.gif
2013-02-25 03:09:25 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://c5.zedo.com//ads3/k/1424/1406500/6685/1000002/i.js
2013-02-25 03:09:25 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://c5.zedo.com//ads3/k/1424/994223/24349/1000007/i.js
2013-02-25 03:09:26 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,vm,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,j,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:26 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/c,sb,cr,cdos,ssb,vm,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,j,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:26 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=42450519
2013-02-25 03:09:27 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,miuv,ivf,mld,lu,tnt,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:27 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sb_mob,cdos,rcs,tbui,mbsk,mb,miuv,ivf,mld,lu,tnt,amcl,bct,lc,mad,mbsf,mlr,ob,rsn,sf,sfa,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=Ag/d=1/sv=1/rs=AItRSTOpQvIp-01oN3KrTECEOyMQp4XebQ
2013-02-25 03:09:28 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://l2.zedo.com//log/p.gif?x=2077;g=138,138;c=1424001932,1424001932;i=0;n=1424;a=868265;b=1;i=1;u=3o8pUTqwREgaKiQJrC0HZ9JG~022413;1=20;2=99;e=i;s=80;g=138;q=0;z=0.7202420650033745
2013-02-25 03:09:28 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://l2.zedo.com//log/p.gif?x=2077;g=138,0;c=1424001572,0;i=0;n=1424;a=868265;b=1;i=1;u=3o8pUTqwREgaKiQJrC0HZ9JG~022413;1=20;2=99;e=i;s=80;g=138;q=0;z=0.25405871530645363
2013-02-25 03:09:29 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//752-3new.png
2013-02-25 03:09:29 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//24-02-2013/0555555555555555555555.jpg
2013-02-25 03:09:29 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//10-02-2013/89x60/0look4.jpg
2013-02-25 03:09:30 [8263] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//03-02-2013/89x60/0104.jpg
2013-02-25 03:09:30 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//27-01-2013/89x60/0rd6341.jpg
2013-02-25 03:09:30 [8263] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//10-02-2013/89x60/04%20(3).jpg
2013-02-25 03:09:30 [8262] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.ps/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:30 [8262] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.ps/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:30 [8263] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra/NewSite/25-02-2013/09283063860//326203632.png
2013-02-25 03:09:30 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra/NewSite/25-02-2013/09283063860//1845193052.jpg
2013-02-25 03:09:31 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.com/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:31 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.com/xjs/_/js/s/c,sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:31 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://flv-origin.alarab.net//flv/58275.flv?start=45051900
2013-02-25 03:09:32 [8263] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_im_omg_surprise_2-ANIMATION_PACK-.zip
2013-02-25 03:09:33 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://surprises.tango.me/ts//assets/ayol_im_omg_surprise_2-UI_VG_SELECTOR_PACK-android.zip
2013-02-25 03:09:34 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.com.sa/xjs/_/js/s/sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:34 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.com.sa/xjs/_/js/s/sb,cr,cdos,ssb,tbui,mb,abd,bihu,lu,m,tnv,amcl,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,pcc,csi/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=1/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:34 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://images.bokra.net/bokra//13-01-2013/89x60/074411316.jpg
2013-02-25 03:09:37 [8261] WARN: Possible bypass attempt. Found a trailing
dot in the domain name:
http://www.google.com/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:37 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected:
http://www.google.com/xjs/_/js/s/sy15,gf/rt=j/ver=OMt9IcC1O10.en_US./am=CA/d=0/sv=1/rs=AItRSTOekKHDXRJiLDzqcQkCe4C3pVWkbw
2013-02-25 03:09:37 [8261] WARN: Possible bypass attempt. Found multiple
slashes where only one is expected: http://fms-eu6.panet.co.il/vod//78/*
============================================
cache.log
*NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:19| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:20| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded
2013/02/25 03:12:21| WARNING: HTTP header contains NULL characters {Accept:
*/*
Content-Type: application/x-www-form-urlencoded}
NULL
{Accept: */*
Content-Type: application/x-www-form-urlencoded*
======================================
do i need to increase the redirector in squidguard ???
here is squid.conf file :
*[root@squid ~]# cat /etc/squid/squid.conf
#
#
# squid Config By "Drvirus"
#
###################
acl all src all
acl manager proto cache_object
acl localnet src 192.168.1.0/24 x.x.x.x/16 x.x.x.x/16
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 590 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
################################
visible_hostname squid
coredump_dir /var/spool/squid
####squidguard###################
redirect_program /usr/local/squidguard5/bin/squidGuard -c
/etc/squidguard.conf
redirector_bypass on
url_rewrite_children 200
###############################
cache_effective_user squid
cache_effective_group squid
##############################
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localnet
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from everyone
icp_access allow all
#######################################
access_log /var/log/squid/access.log
cache_dir aufs /cache1 500000 32 256
cache_dir aufs /cache2 500000 32 256
cache_dir aufs /cache3 500000 32 256
cache_mem 20000 MB
##########################
http_port 127.0.0.1:3128
http_port x.x.x.x:x.x
http_port 3128
http_port 3129 tproxy
########### Performance Related Config:
relaxed_header_parser on
vary_ignore_expire on
##########################################
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
###########################################
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
############################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
###########################################
########### WCCP2 Config#############
wccp2_router x.x.x.x
wccp_version 2
wccp2_forwarding_method 2
wccp2_return_method 2
#wccp2_assignment_method mask
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
##########################################
###########################################
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#################################################
forwarded_for on
max_filedescriptors 65536
max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
ie_refresh on
ignore_expect_100 on
vary_ignore_expire on
###############################
################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
shutdown_lifetime 20 seconds
#############################
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
minimum_object_size 0
maximum_object_size 130 MB
###############################*
with my best regards
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/slow-browsing-in-centos-6-3-with-squid-3-tp4658635p4658697.html
Sent from the Squid - Users mailing list archive at Nabble.com.
