Portal Splash Pages example on squid 3.3.13

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Portal Splash Pages example on squid 3.3.13

amitinfo2k
Hi,

I am a newbie to squid proxy world.
I have setup the squid proxy with default configuration on Fedora 19 box. Now I wanted to configure the Spash pages. But, not able to find a single working example for squid 3.3.13.
Can anyone provide me an example configuration for Spash pages in squid 3.3.2.

I have tried the following modified example but no luck no errors in the logs :

# Set up the session helper in active mode. Mind the wrap - this is one line:
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN

# Set up the normal session helper. Mind the wrap - this is one line:
external_acl_type session_active_def ipv4 concurrency=100 ttl=3 %SRC /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/

# Normal session ACL as per simple example
acl session_is_active external session_active_def

# ACL to match URL
acl clicked_login_url url_regex -i http://example.net

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display
deny_info http://example.net session_is_active


Thanks,
amitinfo2k
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 10/02/2015 6:07 a.m., amitinfo2k wrote:
> Hi,
>
> I am a newbie to squid proxy world.
> I have setup the squid proxy with default configuration on Fedora 19 box.
> Now I wanted to configure the Spash pages. But, not able to find a single
> working example for squid 3.3.13.
> Can anyone provide me an example configuration for Spash pages in squid
> 3.3.2.

Sessions and splash pages operate the same for all Squid versions.
 http://wiki.squid-cache.org/ConfigExamples/Portal/Splash

The only reason it mentions versino numbers at all is that there was a
new HTTP/1.1 status code added in 3.2.

It seems the config got a bit corrupted. I've fixed that now.


Some edits in line below:


>
> I have tried the following modified example but no luck no errors in the
> logs :
>
> # Set up the session helper in active mode. Mind the wrap - this is one
> line:
> external_acl_type session ipv4 concurrency=100 ttl=3 %SRC
> /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/
>
> # Pass the LOGIN command to the session helper with this ACL
> acl session_login external session LOGIN
>

Delete ...

> # Set up the normal session helper. Mind the wrap - this is one line:
> external_acl_type session_active_def ipv4 concurrency=100 ttl=3 %SRC
> /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/
>

... to here.


> # Normal session ACL as per simple example
> acl session_is_active external session_active_def

Replace with:
  acl session_is_active external session

>
> # ACL to match URL
> acl clicked_login_url url_regex -i http://example.net


Replace with:
  acl clicked_login_url url_regex -i ^http://example.net/$

>
> # First check for the login URL. If present, login session
> http_access allow clicked_login_url session_login
>
> # If we get here, URL not present, so renew session or deny request.
> http_access deny !session_is_active
>
> # Deny page to display
> deny_info http://example.net session_is_active

Replace with:
 deny_info 511:http://example.net/ session_is_active

Notice that the URL has to be a full valid URL. Your squid version is
*not* checking it before embedding into the outgoing headers.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

amitinfo2k
This post was updated on .
thanks for the quick reply.

I made the changes accordingly as follows :
---------------------------------------------------------------------------------------------

# Set up the session helper in active mode. Mind the wrap - this is one line:
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN

# Normal session ACL as per simple example
acl session_is_active external session

# ACL to match URL
acl clicked_login_url url_regex -i ^http://example.net/$

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display
deny_info 511:http://example.net/ session_is_active
---------------------------------------------------------------------------------------------
but, after the squid restart it fails with following error :
---------------------------------------------------------------------------------------------
Feb 09 22:40:31 localhost.localdomain systemd[1]: Starting Squid caching proxy...
Feb 09 22:40:31 localhost.localdomain squid[4561]: 2015/02/09 22:40:31| FATAL: status 511 requires a template on '511:http://example.net/'
Feb 09 22:40:31 localhost.localdomain squid[4561]:FATAL: Bungled /etc/squid/squid.conf line 114: deny_info 511:http://example.net/ session_is_active
Feb 09 22:40:31 localhost.localdomain systemd[1]: squid.service: control process exited, code=exited status=1
Feb 09 22:40:31 localhost.localdomain systemd[1]: Failed to start Squid caching proxy.
---------------------------------------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 10/02/2015 7:45 p.m., amitinfo2k wrote:

> thanks for the quick reply.I made the changes accordingly as follows
> :---------------------------------------------------------------------------------------------....#
> Set up the session helper in active mode. Mind the wrap - this is one
> line:external_acl_type session ipv4 concurrency=100 ttl=3 %SRC
> /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/# Pass
> the LOGIN command to the session helper with this ACLacl session_login
> external session LOGIN# Normal session ACL as per simple exampleacl
> session_is_active external session# ACL to match URLacl clicked_login_url
> url_regex -i ^http://example.net/$# First check for the login URL. If
> present, login sessionhttp_access allow clicked_login_url session_login# If
> we get here, URL not present, so renew session or deny request.http_access
> deny !session_is_active# Deny page to displaydeny_info
> 511:http://example.net/
> session_is_active---------------------------------------------------------------------------------------------but,
> after the squid restart it fails with following error
> :---------------------------------------------------------------------------------------------Feb
> 09 22:40:31 localhost.localdomain systemd[1]: Starting Squid caching
> proxy...Feb 09 22:40:31 localhost.localdomain squid[4561]: 2015/02/09
> 22:40:31| *FATAL: status 511 requires a template on
> '511:http://example.net/'*Feb 09 22:40:31 localhost.localdomain
> squid[4561]:*FATAL: Bungled /etc/squid/squid.conf line 114: deny_info
> 511:http://example.net/ session_is_active*Feb 09 22:40:31
> localhost.localdomain systemd[1]: squid.service: control process exited,
> code=exited status=1Feb 09 22:40:31 localhost.localdomain systemd[1]: Failed
> to start Squid caching
> proxy.---------------------------------------------------------------------------------------------
>

Ar, sorry I keep forgetting. 511 is a response that has a body not a
redirect. You need to write your denial info in a static template file
for Squid to deliver. Any dynamics that need to be done can be written
in that with scripting.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

amitinfo2k
Thanks I changed the config now the service is up no errors in the logs but, I don't see spash screen
any time. Following the configuration i did with default squid config
----------------------------------------------------------------------------------------------------
# Set up the session helper in active mode. Mind the wrap - this is one line:
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN


# Normal session ACL as per simple example
acl session_is_active external session

# ACL to match URL
acl clicked_login_url url_regex -i ^http://example.net/$

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display
deny_info 511:/etc/squid/splash.html session_is_active
----------------------------------------------------------------------------------------------------

I haven't enabled authentication. I tried testing from local m/c by configuring the proxy in the browser and also tried from remote m/c. I am able to browse the internet via proxy. But, I am not getting the splash screen.


Thanks,
Amit Wankhede
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 13/02/2015 1:21 a.m., amitinfo2k wrote:

> Thanks I changed the config now the service is up no errors in the logs but,
> I don't see spash screen
> any time. Following the configuration i did with default squid config
> ----------------------------------------------------------------------------------------------------
> # Set up the session helper in active mode. Mind the wrap - this is one
> line:
> external_acl_type session ipv4 concurrency=100 ttl=3 %SRC
> /usr/lib64/squid/ext_session_acl -a -T 60 -b /var/lib/squid/session/
>
> # Pass the LOGIN command to the session helper with this ACL
> acl session_login external session LOGIN
>
>
> # Normal session ACL as per simple example
> acl session_is_active external session
>
> # ACL to match URL
> acl clicked_login_url url_regex -i ^http://example.net/$
>
> # First check for the login URL. If present, login session
> http_access allow clicked_login_url session_login
>
> # If we get here, URL not present, so renew session or deny request.
> http_access deny !session_is_active
>
> # Deny page to display
> deny_info 511:/etc/squid/splash.html session_is_active
> ----------------------------------------------------------------------------------------------------
>
> I haven't enabled authentication. I tried testing from local m/c by
> configuring the proxy in the browser and also tried from remote m/c. I am
> able to browse the internet via proxy. But, I am not getting the splash
> screen.


Okay, so how are you testing this? and what does the splash.html contain
exactly?


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

amitinfo2k
Splash is just a static HTML page as folllows:
----------------------------------------------------------
/etc/squid/splash.html
----------------------------------------------------------
<html>
    <head>
        <title>splash screen example</title>
    </head>
    <body>
     This is splash screen
    </body>
</html>
----------------------------------------------------------
I have a VM (Fedora19) where i have installed the squid and this VM has internet access.
now on this VM itself I am opening a Browser with proxy setting a VM IP and port 3128.
Also, I tried from host m/c browser configured proxy settings as VM IP and port 3128.
I am able to browse the internet. But no splash screen coming in between. so, how does the session work here ? as per configuration -T 60 sec every one min session should be expired right ? and then i should be able to see the splash.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 13/02/2015 3:12 a.m., amitinfo2k wrote:

> Splash is just a static HTML page as folllows:
> ----------------------------------------------------------
> /etc/squid/splash.html
> ----------------------------------------------------------
> <html>
>     <head>
>         <title>splash screen example</title>
>     </head>
>     <body>
>      This is splash screen

You are missing the bit which directs the user to the login URL:

  <br>
  <a href="http://example.net/">Click to start browsing</a>

>     </body>
> </html>
> ----------------------------------------------------------
> I have a VM (Fedora19) where i have installed the squid and this VM has
> internet access.
> now on this VM itself I am opening a Browser with proxy setting a VM IP and
> port 3128.
> Also, I tried from host m/c browser configured proxy settings as VM IP and
> port 3128.
> I am able to browse the internet. But no splash screen coming in between.
> so, how does the session work here ? as per configuration -T 60 sec every
> one min session should be expired right ? and then i should be able to see
> the splash.

I meant what does "browse the internet" involve for your tests.

If you visit "http://example.net/" at any point the session is logged in
created and you can then browse. Even if you have not seen the splash page.

Make sure the session DB from old experiments is erased. You may be
using an old session.

All this also depends on where it is in relation to other http_access
rules in the config file.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

amitinfo2k
Thanks I have rearranged the rules and now after the session is expired
I am seeing the page with following content :
-----------------------------------------------------
Internal Error: Missing Template /etc/squid/splash.html
-----------------------------------------------------
It's like it is not able to locate the template splash even though it exists there.
no error in the logs.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 13/02/2015 7:14 a.m., amitinfo2k wrote:
> Thanks I have rearranged the rules and now after the session is expired
> I am seeing the page with following content :
> -----------------------------------------------------
> Internal Error: Missing Template /etc/squid/splash.html
> -----------------------------------------------------
> It's like it is not able to locate the template splash even though it exists
> there.
> no error in the logs.
>

Doh! Sorry I keep forgetting the patch I use for allowing absolute
template paths is not merged.


You need to place the page in the default error page templates directory
(.../error/templates/), or create a symlink from there to your
/etc/squid/splash.html file.

The deny_info line gets just the name of the file/symlink within the
templates directory.
 deny_info 511:splash.html ...


Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

amitinfo2k
Thanks a lot I can see the spalsh screen now but, session expiry is little confusing may be some rule i messed up with will play around it to understand it. thanks again

mm
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

mm
This post was updated on .
hi, i m also trying to configure squid proxy server in my ubuntu machine and using version 3.3.8. i have used the same example as mentioned in your post. but i am getting the following error :
2017/08/04 10:14:05| WARNING: -D command-line option is obsolete.
2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.2.0/16'
2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '10.0.3.0/16'
2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A) '10.0.0.0/16'
2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/16' is ignored to keep splay tree searching predictable
2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from the ACL named 'localnet'
2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A) '10.0.0.0/8'
2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/8' is ignored to keep splay tree searching predictable
2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from the ACL named 'localnet'
2017/08/04 10:14:05| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2017/08/04 10:14:05| Process ID 3891
2017/08/04 10:14:05| Process Roles: master worker
2017/08/04 10:14:05| With 65536 file descriptors available
2017/08/04 10:14:05| Initializing IP Cache...
2017/08/04 10:14:05| DNS Socket created at [::], FD 5
2017/08/04 10:14:05| DNS Socket created at 0.0.0.0, FD 6
2017/08/04 10:14:05| Warning: Could not find any nameservers. Trying to use localhost
2017/08/04 10:14:05| Please check your /etc/resolv.conf file
2017/08/04 10:14:05| or use the 'dns_nameservers' option in squid.conf.
2017/08/04 10:14:05| helperOpenServers: Starting 5/5 'ext_session_acl' processes
2017/08/04 10:14:05| Logfile: opening log daemon:/var/log/squid3/access.log
2017/08/04 10:14:05| Logfile Daemon: opening log /var/log/squid3/access.log
2017/08/04 10:14:05| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2017/08/04 10:14:05| Store logging disabled
2017/08/04 10:14:05| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2017/08/04 10:14:05| Target number of buckets: 1008
2017/08/04 10:14:05| Using 8192 Store buckets
2017/08/04 10:14:05| Max Mem  size: 262144 KB
2017/08/04 10:14:05| Max Swap size: 0 KB
2017/08/04 10:14:05| Using Least Load store dir selection
2017/08/04 10:14:05| chdir: /var/spool/squid: (2) No such file or directory
2017/08/04 10:14:05| Current Directory is /home/misha
2017/08/04 10:14:05| Loaded Icons.
2017/08/04 10:14:05| HTCP Disabled.
2017/08/04 10:14:05| Pinger socket opened on FD 21
2017/08/04 10:14:05| Configuring Parent 10.0.0.2/3128/0
2017/08/04 10:14:05| Squid plugin modules loaded: 0
2017/08/04 10:14:05| Adaptation support is off.
2017/08/04 10:14:05| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 19 flags=9
2017/08/04 10:14:05| WARNING: session #2 exited
2017/08/04 10:14:05| Too few session processes are running (need 1/5)
2017/08/04 10:14:05| Closing HTTP port [::]:3128
2017/08/04 10:14:05| storeDirWriteCleanLogs: Starting...
2017/08/04 10:14:05|   Finished.  Wrote 0 entries.
2017/08/04 10:14:05|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The session helpers are crashing too rapidly, need help!


My squid.conf file is as follows:
acl localnet src 10.0.2.0/16
acl localnet src 10.0.3.0/16

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid

## addition for splash page active##
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/lib/squid/ext_session_acl -T 60 -b /var/lib/squid/session.db
acl session_login external session LOGIN
acl session_is_active external session
acl clicked_login_url url_regex -i ^https://www.google.co.in$
http_access allow clicked_login_url session_login
http_access deny !session_is_active
deny_info 511:/etc/squid3/splash.html session_is_active


Pls tell me what going wrong??
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Portal Splash Pages example on squid 3.3.13

Amos Jeffries
Administrator
On 04/08/17 16:56, mm wrote:
> hi, i m also trying to configure squid proxy server in my ubuntu machine and
> using version 3.3.8. i have used the same example as mentioned in your post.
> but i am getting the following error :
> 2017/08/04 10:14:05| WARNING: -D command-line option is obsolete.

Your init script should not be using the -D option any more. Check that
you are using the proper one from Ubuntu. If you are, then don't worry
about this warning - it will disappear on a future upgrade of the init
script (IIRC in Xenial).


> 2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of
> the specified IP in '10.0.2.0/16'
> 2017/08/04 10:14:05| aclIpParseIpData: WARNING: Netmask masks away part of
> the specified IP in '10.0.3.0/16'
> 2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A)
> '10.0.0.0/16'
> 2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/16' is ignored to
> keep splay tree searching predictable
> 2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from
> the ACL named 'localnet'
> 2017/08/04 10:14:05| WARNING: (B) '10.0.0.0/16' is a subnetwork of (A)
> '10.0.0.0/8'
> 2017/08/04 10:14:05| WARNING: because of this '10.0.0.0/8' is ignored to
> keep splay tree searching predictable
> 2017/08/04 10:14:05| WARNING: You should probably remove '10.0.0.0/16' from
> the ACL named 'localnet'

All the above warnings seem to be from two problems.

1) I think you have left the default localnet ACL definition in while
also adding your LAN 10.0.*.0/16 ranges.

2) the /16 on 10.0.2.0 and 10.0.3.0 masks away the '2' and '3' portion.
Leaving these entries both as 10.0.0.0/16.

There are several ways to fix these:

either,
  mask the 10.0.x.0 ranges as the /24 they are:

   acl localnet src 10.0.2.0/24 10.0.3.0/24

or,
  specify the start-end of the sub-subnet range within the /16 which you
are using for your LAN:

   acl localnet src 10.0.2.0-10.0.3.255/16

or,
  list the whole /16 (what Squid is currently assuming you meant to do):

   acl localnet src 10.0.0.0/16

or,
  leave the default Squid definition for RFC 1918 ranges provided and
not configure your specific RFC 1918 sub-ranges.

If you choose anything but the last option, remove the default localnet
definition specifying all of 10/8 as localnet, and probably the other
IPv4 ranges as well. The IPv6 ranges you will need to look into and make
a decision about.


> 2017/08/04 10:14:05| Starting Squid Cache version 3.3.8 for
> x86_64-pc-linux-gnu...
> 2017/08/04 10:14:05| Process ID 3891
> 2017/08/04 10:14:05| Process Roles: master worker
> 2017/08/04 10:14:05| With 65536 file descriptors available
> 2017/08/04 10:14:05| Initializing IP Cache...
> 2017/08/04 10:14:05| DNS Socket created at [::], FD 5
> 2017/08/04 10:14:05| DNS Socket created at 0.0.0.0, FD 6
> 2017/08/04 10:14:05| Warning: Could not find any nameservers. Trying to use
> localhost
> 2017/08/04 10:14:05| Please check your /etc/resolv.conf file
> 2017/08/04 10:14:05| or use the 'dns_nameservers' option in squid.conf.


That one is a semi-serious issue on Ubuntu. resolv.conf not being setup
properly with "nameserver ..." entries will break a huge amount of things.

If it is unset because your network connection is dynamic and currently
offline, then you WILL need to run "squid -k reconfigure" each time it
gets connected and changes resolv.conf contents.

NOTE: avoid "service squid reload" from upstart (and later systemd) -
that way leads to some bad troubles with Squid-3.


> 2017/08/04 10:14:05| helperOpenServers: Starting 5/5 'ext_session_acl'
> processes
> 2017/08/04 10:14:05| Logfile: opening log daemon:/var/log/squid3/access.log
> 2017/08/04 10:14:05| Logfile Daemon: opening log /var/log/squid3/access.log
> 2017/08/04 10:14:05| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2017/08/04 10:14:05| Store logging disabled
> 2017/08/04 10:14:05| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2017/08/04 10:14:05| Target number of buckets: 1008
> 2017/08/04 10:14:05| Using 8192 Store buckets
> 2017/08/04 10:14:05| Max Mem  size: 262144 KB
> 2017/08/04 10:14:05| Max Swap size: 0 KB
> 2017/08/04 10:14:05| Using Least Load store dir selection
> 2017/08/04 10:14:05| chdir: /var/spool/squid: (2) No such file or directory
> 2017/08/04 10:14:05| Current Directory is /home/misha
> 2017/08/04 10:14:05| Loaded Icons.
> 2017/08/04 10:14:05| HTCP Disabled.
> 2017/08/04 10:14:05| Pinger socket opened on FD 21
> 2017/08/04 10:14:05| Configuring Parent 10.0.0.2/3128/0
> 2017/08/04 10:14:05| Squid plugin modules loaded: 0
> 2017/08/04 10:14:05| Adaptation support is off.
> 2017/08/04 10:14:05| Accepting HTTP Socket connections at local=[::]:3128
> remote=[::] FD 19 flags=9
> 2017/08/04 10:14:05| WARNING: session #2 exited
> 2017/08/04 10:14:05| Too few session processes are running (need 1/5)
> 2017/08/04 10:14:05| Closing HTTP port [::]:3128
> 2017/08/04 10:14:05| storeDirWriteCleanLogs: Starting...
> 2017/08/04 10:14:05|   Finished.  Wrote 0 entries.
> 2017/08/04 10:14:05|   Took 0.00 seconds (  0.00 entries/sec).
> FATAL: The session helpers are crashing too rapidly, need help!
>
>
> My squid.conf file is as follows:
> acl localnet src 10.0.2.0/16
> acl localnet src 10.0.3.0/16
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> http_port 3128
> coredump_dir /var/spool/squid
>
> ## addition for splash page active##
> external_acl_type session ipv4 concurrency=100 ttl=3 %SRC
> /usr/lib/squid/ext_session_acl -T 60 -b /var/lib/squid/session.db
> acl session_login external session LOGIN
> acl session_is_active external session
> acl clicked_login_url url_regex -i
> ^https://www.drdo.gov.in/drdo/English/index.jsp$
> http_access allow clicked_login_url session_login
> http_access deny !session_is_active
> deny_info 511:/etc/squid3/splash.html session_is_active
>
>
> Pls tell me what going wrong??
>


First massive problem is the helpers existing. They should not be doing
that until Squid kills them on reconfigure or shutdown.

Check the helpers session DB (/var/lib/squid/session.db) has been
properly initialized and the helpers are able to both read and write to
it when run by Squid with its low-privilege user account - on Ubuntu
that should be the user account "proxy".



Second major problem (not causing you problem yet, but it will) is that
you placed the splash page config *after* the "http_access deny all"
line. So none of it will actually ever do anything.

The lines where it says:
   http_access allow localnet
   http_access allow localhost

are in a section of the config for local policy rules. As you might
expect the default policy is to let localnet clients and localhost use
the proxy.
You can freely replace or add to those two lines with any settings you like.

FWIW: that is a bit clearer in the 3.5 default config file. You can
replace the 3.3 config with the 3.5 updated version if you want:
  <https://wiki.squid-cache.org/Squid-3.5#Squid-3.5_default_config>

To use the splash page stuff remove the "allow localnet" line and paste
the splash config just below where it says "INSERT YOUR OWN RULE(S) HERE"


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...