OSzone.net Computer Forum  


zelo 25-02-2007 19:11 555099

More SQUID
 
squid.conf
Code:

http_port 3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

debug_options ALL,1

client_netmask 255.255.255.255

dns_nameservers

visible_hostname proxy

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

redirect_children 5
redirector_bypass on

refresh_pattern ^ftp:                1440        20%        10080
refresh_pattern ^gopher:        1440        0%        1440
refresh_pattern .                0        20%        4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210                # wais
acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280                # http-mgmt
acl Safe_ports port 488                # gss-http
acl Safe_ports port 591                # filemaker
acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT

acl nn-bank src 192.168.102.0/24
acl m-bank src 192.168.0.205/32

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow nn-bank
http_access allow m-bank

http_access allow localhost

http_reply_access allow all

icp_access allow all

error_directory /usr/lib/squid/errors/Russian-1251

coredump_dir /var/spool/squid

...with this config, on Linux Mandrake I run:
service squid start
...it prints
Запускается squid [OK]
...ps -A shows that squid is running as two instances.
...when another machine tries to reach a site through it, one of the squid processes changes its pid (that is, it restarts), the site does not load, and the browser says the page cannot be displayed, there!
...what's going on??? :-)
...help, guys! ...thanks in advance!

When started in debug mode:
Code:

[root@localhost squid]# squid -NCd1
It prints this:
Code:

2007/02/25 19:08:48| Starting Squid Cache version 2.5.STABLE3 for i586-mandrake-linux-gnu...
2007/02/25 19:08:48| Process ID 5704
2007/02/25 19:08:48| With 1024 file descriptors available
2007/02/25 19:08:48| Performing DNS Tests...
2007/02/25 19:08:48| Successful DNS name lookup tests...
2007/02/25 19:08:48| DNS Socket created at 0.0.0.0, port 32774, FD 4
2007/02/25 19:08:48| Adding nameserver 192.168.102.100 from /etc/resolv.conf
2007/02/25 19:08:48| helperOpenServers: Starting 5 'squidGuard' processes
2007/02/25 19:08:49| User-Agent logging is disabled.
2007/02/25 19:08:49| Unlinkd pipe opened on FD 14
2007/02/25 19:08:49| Swap maxSize 102400 KB, estimated 7876 objects
2007/02/25 19:08:49| Target number of buckets: 393
2007/02/25 19:08:49| Using 8192 Store buckets
2007/02/25 19:08:49| Max Mem  size: 8192 KB
2007/02/25 19:08:49| Max Swap size: 102400 KB
2007/02/25 19:08:49| Rebuilding storage in /var/spool/squid (CLEAN)
2007/02/25 19:08:49| Using Least Load store dir selection
2007/02/25 19:08:49| Set Current Directory to /var/spool/squid
2007/02/25 19:08:49| Loaded Icons.
2007/02/25 19:08:49| Accepting HTTP connections at 0.0.0.0, port 3128, FD 15.
2007/02/25 19:08:49| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2007/02/25 19:08:49| Accepting HTCP messages on port 4827, FD 17.
2007/02/25 19:08:49| Accepting SNMP messages on port 3401, FD 18.
2007/02/25 19:08:49| WCCP Disabled.
2007/02/25 19:08:49| Ready to serve requests.
2007/02/25 19:08:49| Done scanning /var/spool/squid swaplog (0 entries)
2007/02/25 19:08:49| Finished rebuilding storage from disk.
2007/02/25 19:08:49|        0 Entries scanned
2007/02/25 19:08:49|        0 Invalid entries.
2007/02/25 19:08:49|        0 With invalid flags.
2007/02/25 19:08:49|        0 Objects loaded.
2007/02/25 19:08:49|        0 Objects expired.
2007/02/25 19:08:49|        0 Objects cancelled.
2007/02/25 19:08:49|        0 Duplicate URLs purged.
2007/02/25 19:08:49|        0 Swapfile clashes avoided.
2007/02/25 19:08:49|  Took 0.3 seconds (  0.0 objects/sec).
2007/02/25 19:08:49| Beginning Validation Procedure
2007/02/25 19:08:49|  Completed Validation Procedure
2007/02/25 19:08:49|  Validated 0 Entries
2007/02/25 19:08:49|  store_swap_size = 0k
2007/02/25 19:08:50| storeLateRelease: released 0 objects

Then, as soon as a computer on the network loads a site through this proxy, the following happens:
Code:

2007/02/25 19:09:35| WARNING: redirector #1 (FD 6) exited
2007/02/25 19:09:41| WARNING: redirector #2 (FD 7) exited
2007/02/25 19:09:42| WARNING: redirector #3 (FD 8) exited
2007/02/25 19:09:44| WARNING: redirector #4 (FD 9) exited
2007/02/25 19:09:44| storeDirWriteCleanLogs: Starting...
2007/02/25 19:09:44| WARNING: Closing open FD  15
2007/02/25 19:09:44|  Finished.  Wrote 0 entries.
2007/02/25 19:09:44|  Took 0.0 seconds (  0.0 entries/sec).
FATAL: Too few redirector processes are running
Aborted
[root@localhost squid]#

....so that's how things are!

zelo 25-02-2007 19:35 555109

By trial and error I found out that the cause is in these...
Code:

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
redirector_bypass on

...three lines of the config
so below is the config /etc/squid/squidGuard.conf
Code:

dbhome /usr/share/squidGuard-1.2.0
logdir /var/log/squid

rewrite mp3 {
        s@.*\.mp3$@http://192.168.102.28/mp3/ntcrack.mp3@r
}

rewrite servicepk {
        s@.*\w2ksp4_ru.exe$@http://192.168.102.28/ms-sp/w2ksp4_ru.exe@r
        s@.*\MPsetup.exe$@http://192.168.0.208/ms-sp/MPsetup.exe@r
}

rewrite avpsvc {
        s@.ftp.avp.ru/updates\.*$@ftp://oldmail.XXX.ru/pub/AVP/*@r
}

time workhours {
        weekly mtwhf 08:00 - 19:30
        date *-*-01  08:00 - 19:30
}

#
# REWRITE RULES:
#

#rew dmz {
#        s@://admin/@://admin.foo.bar.no/@i
#        s@://foo.bar.no/@://www.foo.bar.no/@i
#}

rew multimedia {
        s@.*/*.(mp3|avi|wav|mov|mpeg)$@http://192.168.102.28/mp3/play.mp3@ir
        s@.*/listen.pls$@listen2.pls@ir
#        s@://www.XXX.ru/@://pomoika.XXX.ru/@i
}

src lock {
        ip        192.168.102.233/32
}

src val {
#        ip        192.168.102.233/32
}
src shibaev {
#        ip      192.168.102.233/32
}

src admin {
        ip        192.168.102.15/32
        ip        192.168.102.19/32
}

src nn-kras {
#        N-Novgorod
        ip 192.168.102.0/24
}
# DESTINATION CLASSES:
#

dest drugs {
        domainlist        drugs/domains
        urllist                drugs/urls
}

dest noicq {
        domainlist        noicq/domains
        expressionlist        noicq/expressions
}

dest novirus {
        domainlist        virus/domains
}       

dest valuta {
        domainlist        valuta/domains
}

dest kep {
        domainlist        kep/domains
}

dest good {
        domainlist        good/domains
        urllist                good/urls
        expressionlist        good/expressions
}
dest krasru {
        domainlist        krasru/domains
}

dest good_spylog {
        domainlist        goodsp/domains
#        urllist                good/urls
}

dest icq-https {
        domainlist        icq-https/domains
#        urllist                drugs/urls
}

dest badurl {
        domainlist        bad-url/domains
        urllist                bad-url/urls
        expressionlist        bad-url/expressions
        redirect        302:http://192.168.102.28/eye.html
}

dest badexp {
        expressionlist        bad-exp/expressions
}

dest icq-ban {
        expressionlist        icq-ban/expressions
        redirect        302:http://192.168.102.28/noicq.html
}

dest bad-exp1 {
        expressionlist        bad-exp1/expressions
}

dest local {
        domainlist        locals/domains
        urllist                locals/urls
        expressionlist        locals/expressions
}

dest porno {
        domainlist        porn/domains
        urllist                porn/urls
        expressionlist        porn/expressions
        redirect        302:http://192.168.102.28/eye.html
        log                /var/log/squid/porno.log
}

dest ads {
        domainlist        ads/domains
        expressionlist        ads/expressions
        urllist                ads/urls
        redirect        302:http://192.168.102.28/icons/empty.gif
        log        /var/log/squid/banners.log
}

dest gambling {
        domainlist        gambling/domains
        urllist                gambling/urls
}

dest games {
        domainlist        games/domains
        urllist                games/urls
        redirect        302:http://192.168.102.28/eye.html
}

dest microsoft {
        domainlist        ms/domains
#        urllist                ms/urls
}

dest avi {
        domainlist        audio-video/domains
        urllist                audio-video/urls
        expressionlist        audio-video/expressions
       
}

dest agressor {
        domainlist        aggressive/domains
        urllist                aggressive/urls
}


dest mailers {
        domainlist        mail/domains
        urllist                mail/urls
}

dest proxysrv {
        domainlist        proxy/domains
        urllist                proxy/urls
        redirect        302:http://192.168.102.28/eye.html
}

dest waresz {
        domainlist        warez/domains
        urllist                warez/urls
}

acl {
        lock {
                pass krasru none
        }
        val {
                pass valuta krasru none
        }
        admin {
                pass good !icq-ban !novirus any
        }
        shibaev {
                pass good !icq-ban !novirus !ads !badexp !badurl !agressor !porno !gambling !games !waresz !avi !proxysrv any
                rewrite multimedia
        }
        nn-kras {
                pass good !icq-ban !novirus !ads !badexp !drugs !badurl !agressor !porno !gambling !games !waresz !avi !proxysrv any
                rewrite multimedia
        }
        default {
                pass        none
                redirect http://192.168.102.28/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&url=%u
        }
}


must die 26-02-2007 08:09 555285

zelo

What does squidGuard -d give?

zelo 26-02-2007 08:49 555297

If I run it like this:
Code:

[root@localhost squid]# squidGuard -d
...it says it cannot find the config file at /etc/squidGuard/squidGuard.conf
If I run it like this:
Code:

[root@localhost squid]# squidGuard -d -c /etc/squid/squidGuard.conf
...then the following appears in the console:
Code:

2007-02-26 08:48:02 [15030] sourceblock lock missing active content, set inactive
2007-02-26 08:48:02 [15030] sourceblock val missing active content, set inactive
2007-02-26 08:48:02 [15030] sourceblock shibaev missing active content, set inactive
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/drugs/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/drugs/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/drugs/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/drugs/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/noicq/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/noicq/domains.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/noicq/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/virus/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/virus/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/valuta/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/valuta/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/kep/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/kep/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/good/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/good/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/good/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/good/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/good/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/krasru/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/krasru/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/goodsp/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/goodsp/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/icq-https/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/icq-https/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/bad-url/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/bad-url/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/bad-url/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/bad-url/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-url/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-exp/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/icq-ban/expressions
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/bad-exp1/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/locals/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/locals/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/locals/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/locals/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/locals/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/porn/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/porn/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/porn/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/porn/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/porn/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/ads/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ads/domains.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/ads/expressions
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/ads/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ads/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/gambling/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/gambling/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/gambling/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/gambling/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/games/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/games/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/games/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/games/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/ms/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/ms/domains.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/audio-video/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/audio-video/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/audio-video/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/audio-video/urls.db
2007-02-26 08:48:02 [15030] init expressionlist /usr/share/squidGuard-1.2.0/audio-video/expressions
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/aggressive/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/aggressive/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/aggressive/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/aggressive/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/mail/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/mail/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/mail/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/mail/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/proxy/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/proxy/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/proxy/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/proxy/urls.db
2007-02-26 08:48:02 [15030] init domainlist /usr/share/squidGuard-1.2.0/warez/domains
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/warez/domains.db
2007-02-26 08:48:02 [15030] init urllist /usr/share/squidGuard-1.2.0/warez/urls
2007-02-26 08:48:02 [15030] loading dbfile /usr/share/squidGuard-1.2.0/warez/urls.db
2007-02-26 08:48:02 [15030] squidGuard 1.2.0 started (1172468882.860)
2007-02-26 08:48:02 [15030] recalculating alarm in 38518 seconds
2007-02-26 08:48:02 [15030] squidGuard ready for requests (1172468882.878)


must die 26-02-2007 09:30 555311

zelo

What if you first su to "the user name squid runs under" and try to start everything by hand as that user? Maybe permissions are missing somewhere.

gf100 26-02-2007 09:39 555317

zelo
Something tells me that access to http://192.168.102.28 should not go through the proxy. Also, check whether a web server is running at that address.
And the standard thing: access permissions on directories and files.
I have also come across another piece of advice: use rejik. I use it myself :). If it doesn't work out with squidGuard, take a look, you may like it.

zelo 26-02-2007 10:13 555330

permissions on all the needed files, namely:
Code:

/etc/squid/*
/usr/share/squidGuard.../*
/var/log/squid/*
/var/spool/squid/*

...I set to mode 0666, and set the owners and groups to nobody
...and it does not work!

zelo 26-02-2007 10:27 555339

...I figured it out, guys!
...I just had to give some files mode 0777 instead of 0666.
...thanks, everyone!
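
Added example, not part of the thread: a Python check of whether an unprivileged account can use the paths that squidGuard.conf names, computed from the owner/group/other mode bits. It assumes classic Unix permissions only (no ACLs); the helper names, the stand-in uid and the temporary tree are constructed for illustration. It shows that mode 0666 on a directory blocks the list file inside it, while 0755 on directories, 0644 on list files and an owner-writable 0750 log directory pass without any world-writable mode.

```python
import os
import tempfile

LIST_KEYS = ("domainlist", "urllist", "expressionlist")
BITS = {"r": 4, "w": 2, "x": 1}

def parse_paths(conf_text):
    """Return (list files resolved under dbhome, logdir) from squidGuard.conf text."""
    found, lists = {"dbhome": "", "logdir": None}, []
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] in found:
            found[words[0]] = words[1]
        elif len(words) >= 2 and words[0] in LIST_KEYS:
            lists.append(words[1])
    return [os.path.join(found["dbhome"], p) for p in lists], found["logdir"]

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; ignores ACLs and root's bypass."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    need = sum(BITS[c] for c in want)
    return (st.st_mode >> shift) & need == need

def blocker(path, uid, gids, want, top=os.sep):
    """Return None if the account can use path, else the component that stops it."""
    cur = os.path.abspath(top)
    for name in os.path.relpath(path, cur).split(os.sep):
        if not allowed(os.stat(cur), uid, gids, "x"):  # every directory needs x
            return cur + ": no x (search) bit"
        cur = os.path.join(cur, name)
    try:
        ok = allowed(os.stat(cur), uid, gids, want)
    except FileNotFoundError:
        return cur + ": missing"
    return None if ok else cur + ": lacks " + want

def demo():
    """Constructed tree shaped like the thread's dbhome and logdir."""
    conf = "dbhome {0}\nlogdir {0}/log\ndest porno {{\n\tdomainlist porn/domains\n}}\n"
    with tempfile.TemporaryDirectory() as top:
        lists, logdir = parse_paths(conf.format(top))
        listdir = os.path.dirname(lists[0])
        os.makedirs(listdir)
        os.makedirs(logdir)
        open(lists[0], "w").close()
        os.chmod(top, 0o755)
        owner = os.stat(top).st_uid
        other = owner + 1  # constructed uid standing in for the Squid account
        out = {}
        for dmode, fmode in ((0o666, 0o666), (0o755, 0o644)):
            os.chmod(listdir, 0o755)  # keep it searchable while changing the file
            os.chmod(lists[0], fmode)
            os.chmod(listdir, dmode)
            out[dmode] = blocker(lists[0], other, set(), "r", top)
        os.chmod(logdir, 0o750)  # writable by its owner only
        out["log_owner"] = blocker(logdir, owner, set(), "wx", top)
        out["log_other"] = blocker(logdir, other, set(), "wx", top)
        return out
```

On a real host, call `blocker()` with the default `top` and the uid and group ids of the account Squid starts its redirectors under.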

zelo 27-02-2007 09:59 555849

another question (turns out it is not solved yet!):

why doesn't squidGuard generate statistics???


...configs are above

gf100 27-02-2007 10:45 555866

Quote:

why doesn't squidGuard generate statistics???
Is it supposed to??? Actually, for collecting statistics people hook up SARG or something simpler, such as LightSquid; there are also scripts in Perl.

zelo 27-02-2007 14:30 555965

....didn't know :-).
....we'll install it now!

