Squid com erro FATAL [RESOLVIDO]

carlosleosouza
(usa Debian)

Enviado em 28/04/2014 - 11:30h

Pessoal, bom dia.

Meu squid de uma hora pra outra não inicia. Já dei o comando squid -NCd1 pra depurar e a mensagem de erro que ocorre é com a autenticação dos usuários.

FATAL: The ldap_group helpers are crashing too rapidly, need help!

Alguém poderia me ajudar? Já tentei de tudo aqui e nada.

danniel-lara
(usa Fedora)

Enviado em 28/04/2014 - 13:41h

tem como postar seu squid.conf ?

carlosleosouza
(usa Debian)

Enviado em 28/04/2014 - 13:53h

Claro que sim. Tá um pouco extenso por causa da quantidade de ACLs.
Meu squid é versão 3
Obrigado!
Segue:

http_port 8082

cache_mem 1 GB

ipcache_low 90

ipcache_high 95

cache_dir aufs /var/spool/squid 8096 16 256

debug_options ALL,1

error_directory /usr/share/squid/errors/pt-br/

minimum_object_size 0 KB

maximum_object_size 102400 KB

maximum_object_size_in_memory 8 MB

memory_pools on

memory_pools_limit 64 MB



access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

coredump_dir /var/spool/squid



cache_mgr otaviana@viacaoregional.com.br

memory_pools off



diskd_program /usr/lib64/squid/diskd

unlinkd_program /usr/lib64/squid/unlinkd



refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|\?) 0 0% 0

refresh_pattern . 0 20% 4320

quick_abort_max 16 KB

quick_abort_pct 95

quick_abort_min 16 KB

request_header_max_size 20 KB

reply_header_max_size 20 KB

request_body_max_size 0 KB

mail_program mail

cache_effective_user squid

cache_effective_group squid

cache_replacement_policy heap GDSF

memory_replacement_policy heap GDSF

httpd_suppress_version_string off

visible_hostname WEBSERVER.rj.com.local

half_closed_clients off

hierarchy_stoplist cgi-bin ?



# Autenticacao integrada com a base do SaMBa

auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b dc=rj,dc=com,dc=local -f sAMAccountName=%s -h 10.10.10.250 -D cn=administrator,cn=Users,dc=rj,dc=com,dc=local -w $3nh@F0rt3$

auth_param basic children 5

auth_param basic realm Viação Regional & Jauá

auth_param basic credentialsttl 2 hour

auth_param basic casesensitive off



# acl para obter grupos do AD

external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -R -b "dc=rj,dc=com,dc=local" -D cn=Administrator,cn=Users,dc=rj,dc=com,dc=local -w  -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=rj,dc=com,dc=local))" -h 10.10.10.250



# Grupos do AD

acl InternetCompleto external ldap_group InternetCompleto

acl InternetBasico external ldap_group InternetBasico

acl InternetIntermediario external ldap_group InternetIntermediario

acl Authenticated proxy_auth REQUIRED



# Liberações do SRVP e Java

acl libjava url_regex java.com sun.com

http_access allow libjava

acl libdljava url_regex javadl-esd.sun.com

http_access allow libdljava

acl libsrvp url_regex http://189.3.216.130/pv/rotat/SRVP_AUpdate.exe/* www.srvp.com.br

http_access allow libsrvp

#acl nfe dstdomain "/etc/squid/rules/blacklists/nfe/urls"

#http_access allow nfe



#Cria uma access control list, baseando-se na url e utilizando exp. regulares

#nesta situação foi criado uma exp. regular para cgi e ?.

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY



# ACLs restritivas

acl whitelist dstdomain "/etc/squid/rules/blacklists/whitelist/domains"

acl whitelist_urls dstdomain "/etc/squid/rules/blacklists/whitelist/urls"

acl socialnetworks dstdomain "/etc/squid/rules/blacklists/social_networks/domains"

acl social_networks urlpath_regex -i "/etc/squid/rules/blacklists/social_networks/urls"

acl adult dstdomain "/etc/squid/rules/blacklists/adult/domains"

acl [*****] dstdomain "/etc/squid/rules/blacklists/[*****]/domains"

acl socialnetworking dstdomain "/etc/squid/rules/blacklists/socialnetworking/domains"

acl social_networking urlpath_regex -i "/etc/squid/rules/blacklists/socialnetworking/urls"

acl mixed_adult dstdomain "/etc/squid/rules/blacklists/mixed_adult/domains"

acl audio-video dstdomain "/etc/squid/rules/blacklists/audio-video/domains"

acl audiovideo urlpath_regex -i "/etc/squid/rules/blacklists/audio-video/urls"

acl filehosting dstdomain "/etc/squid/rules/blacklists/filehosting/domains"

acl filesharing dstdomain "/etc/squid/rules/blacklists/filesharing/domains"

acl onlinegames dstdomain "/etc/squid/rules/blacklists/onlinegames/domains"

acl games dstdomain "/etc/squid/rules/blacklists/games/domains"

acl phishing dstdomain "/etc/squid/rules/blacklists/phishing/domains"

acl malware dstdomain "/etc/squid/rules/blacklists/malware/domains"

acl virusinfected dstdomain "/etc/squid/rules/blacklists/virusinfected/domains"

acl proxy dstdomain "/etc/squid/rules/blacklists/proxy/domains"

acl warez dstdomain "/etc/squid/rules/blacklists/warez/domains"

acl hacking dstdomain "/etc/squid/rules/blacklists/hacking/domains"

acl spyware dstdomain "/etc/squid/rules/blacklists/spyware/domains"

acl gambling dstdomain "/etc/squid/rules/blacklists/gambling/domains"

acl blogs dstdomain "/etc/squid/rules/blacklists/blog/domains"

acl search dstdomain "/etc/squid/rules/blacklists/searchs/domains"

acl negados arp "/etc/squid/rules/negados.txt"

acl vetofiles url_regex -i "/etc/squid/rules/blacklists/files/types"

acl almoco time SMTWHFA 11:55-13:35

acl tarde time SMTWHFA 18:00-20:00



#acl html rep_mime_type text/html



#ACLs padrão

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

acl localnet src 10.10.10.0/24

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 8080 #http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 1863 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl Safe_ports port 1120 1121 #SRVP

acl CONNECT method CONNECT

acl POST method POST



# Negar cache de POST

#acl POSTS method POST

#cache deny POSTS

acl FTP proto FTP

always_direct allow FTP



http_access allow manager localhost

http_access deny manager

http_access allow POST

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow Authenticated InternetCompleto !adult ![*****] !mixed_adult !phishing !malware !virusinfected !proxy !hacking !spyware

http_access allow Authenticated InternetIntermediario !socialnetworks !social_networks !socialnetworking !social_networking !adult ![*****] !mixed_adult !audio-video !audiovideo !filesharing !filehosting !onlinegames !games !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !blogs

#http_access deny vetofiles

http_access deny negados

http_access allow whitelist

http_access allow whitelist_urls

#reply_body_max_size 1024 MB html

reply_body_max_size 10 MB InternetBasico

#reply_body_max_size 10 MB InternetIntermediario

reply_body_max_size 5 MB almoco

reply_body_max_size 5 MB tarde

http_access allow Authenticated InternetBasico whitelist whitelist_urls !vetofiles

http_access allow Authenticated almoco ![*****] !adult !mixed_adult !filesharing !filehosting !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !audio-video !audiovideo !vetofiles

http_access allow Authenticated tarde ![*****] !adult !mixed_adult !filesharing !filehosting !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !vetofiles

http_access deny all