Old 08-16-2017, 02:19 AM   #1
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 16

Rep: Reputation: Disabled
Heavy logs Creation In squid access logs


Hi,

While monitoring my Squid server's access logs, I noticed heavy log creation from multiple IPs.

Following are the logs:
Quote:
1502867095.990 0 10.1.228.249 NONE/400 10326 GET http://209.58.139.151:10001/?valid=null&count=12860&case=unknown_case&source=160by2_2.7&eid=knlhpefpakgilecjmidpainkjlclbpej&ver sion=160by2_2.7&email=%3C!DOCTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12859&case=unknown_case&source=160by2_2.7&eid=knlhpefpakgilecjmidp ainkjlclbpej&version=160by2_2.7&email=%3C!DOCTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while 
%20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12858&case=unknown_case&source=160by2_2.7&eid=knlh pefpakgilecjmidpainkjlclbpej&version=160by2_2.7&email=%3C!DOCTYPE%20html%20PUBLIC%20 %22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12857&case=unknown_case&source=160by2_2.7& amp;amp;eid=knlhpefpakgilecjmidpainkjlclbpej&version=160by2_2.7&email=%3C!DO 
CTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12856&case=unknown_case&source=160 by2_2.7&eid=knlhpefpakgilecjmidpainkjlclbpej&version=160by2_2.7& amp;amp;amp;email=%3C!DOCTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20%22%3Ehttp://209.58.139.151:10001/?valid=null&count=12859&case=unknown_case&source=160by2_2.7&eid=knlhpefpakgilecjmidp 
ainkjlclbpej&version=160by2_2.7&email=%3C!DOCTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12858&case=unknown_case&source=160by2_2.7&eid=knlh pefpakgilecjmidpainkjlclbpej&version=160by2_2.7&email=%3C!DOCTYPE%20html%20PUBLIC%20 %22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20URL%20could%20not%20be%20retrieved%3C/h2%3E%3C/div%3E%3Chr%3E%3Cdiv%20id=%22content%22%3E%3Cp%3EThe%20following%20error%20was%20encountered%20while %20trying%20to%20retrieve%20the%20URL:%20%3Ca%20href=%22http://209.58.139.151:10001/?valid=null&count=12857&case=unknown_case&source=160by2_2.7& 
amp;amp;eid=knlhpefpakgilecjmidpainkjlclbpej&version=160by2_2.7&email=%3C!DO CTYPE%20html%20PUBLIC%20%22-//W3C//DTD%20HTML%204.01//EN%22%20%22http://www.w3.org/TR/html4/strict.dtd%22%3E%3Chtml%3E%3Chead%3E%3Cmeta%20http-equiv=%22Content-Type%22%20content=%22text/html;%20charset=utf-8%22%3E%3Ctitle%3EERROR:%20The%20requested%20URL%20could%20not%20be%20retrieved%3C/title%3E%3Cstyle%20type=%22text/css%22%3E%3C!--%20%20body:lang(fa)%20{%20direction:%20rtl;%20font-size:%20100%;%20font-family:%20Tahoma,%20Roya,%20sans-serif;%20float:%20right;%20}:lang(he)%20{%20direction:%20rtl;%20float:%20right;%20}%20--%3E%3C/style%3E%3C/head%3E%3Cbody%3E%3Cdiv%20id=%22titles%22%3E%3Ch1%3EERROR%3C/h1%3E%3Ch2%3EThe%20requested%20UR
These types of logs are being generated from various IP addresses, which has resulted in high hard disk space utilization by the Squid logs.
One day's access.log file now amounts to around 8GB, whereas before this problem the access.log file used only 4-6GB of space for a week.

How can I resolve this problem, as it leads to a hard disk space problem on our server?
 
Old 08-16-2017, 02:24 AM   #2
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 16

Original Poster
Rep: Reputation: Disabled
Following is my squid.conf configuration file
Quote:
#/ NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 80
icp_port 0 # by default port is 3130, set to 0 to accelerate

# PEER CACHE SERVER
#------------------------------------------------------------------------------
#hierarchy_stoplist cgi-bin ? jsp asp
#acl QUERY urlpath_regex cgi-bin \?


#THE CACHE SIZE
# -----------------------------------------------------------------------------
max_filedescriptors 8192
maximum_object_size 5048 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
#LOG FILE PATHNAMES & CACHE DIRECTORIES
#------------------------------------------------------------------------------
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir aufs /var/spool/squid 8000 16 256
#logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
cache_access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#cache_mem 0MB
cache_mem 500 MB
# SUPPORT FOR EXTERNAL FUNCTIONS
#------------------------------------------------------------------------------

#######To allow website www.iirs.gov.in ####### -Date 17 July 2013
via off
forwarded_for delete
#######To allow website www.iirs.gov.in ####### -Date 17 July 2013

dns_nameservers 172.16.104.51
#dns_namedservers 172.16.104.41
#authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
authenticate_ip_ttl 60 seconds #duplicate users
#authenticate_ip_ttl_is_strict on
# TUNING THE CACHE
# -----------------------------------------------------------------------------
# TIMEOUTS
#------------------------------------------------------------------------------
connect_timeout 150 seconds
client_lifetime 500 minutes
half_closed_clients off #connection closed if client shutdown
pconn_timeout 60 seconds #timeout for ideal connections
# ACCESS CONTROL LISTS
#------------------------------------------------------------------------------
#acl ncsa_users proxy_auth REQUIRED

#------------------------------------------------------------------------------


#Allow everything for goverment sites. Script created on 24-06-11 by Mr. Kapil
acl govtsites src 10.0.0.0/8 172.16.0.0/16
acl gov dstdom_regex "/etc/squid/gov"
http_access allow govtsites gov

acl vlan4 src 10.0.0.0/8
acl vlan4 src 172.16.107.0/24
acl vlan4 src 172.16.106.0/24
#acl vlan4 src 172.16.105.0/24

#tcp_outgoing_address 172.16.104.31 vlan4
tcp_outgoing_address 172.16.105.31 vlan4

acl vlan5 src 172.16.21.0/24
acl vlan5 src 172.16.22.0/24
acl vlan5 src 172.16.23.0/24
acl vlan5 src 172.16.24.0/24
acl vlan5 src 172.16.25.0/24
acl vlan5 src 172.16.26.0/24
acl vlan5 src 172.16.27.0/24
acl vlan5 src 172.16.28.0/24
acl vlan5 src 172.16.29.0/24
acl vlan5 src 172.16.30.0/24
acl vlan5 src 172.16.31.0/24
acl vlan5 src 172.16.32.0/24
acl vlan5 src 172.16.33.0/24
tcp_outgoing_address 172.16.105.31 vlan5

tcp_outgoing_address 172.16.104.31 all


#ACL for Allowed IPs of e-procurement

acl stg1 src "/etc/squid/PolicyObjects/eprocurement_PC_allow"
reply_body_max_size 10 GB stg1
http_access allow stg1

#acl all src all

acl stg src 172.16.106.65/32, 10.1.148.174/32, 172.16.24.91/32,
reply_body_max_size 20 GB stg
http_access allow stg

acl stg_log_ip src 172.16.106.65/32,
log_access deny stg_log_ip

#reply_body_max_size 20 MB all


acl vayam src 10.2.6.8/32, 172.16.107.116/32
acl local dstdomain .vayamtech.com
http_access allow vayam local

acl siteblock src 10.1.250.254/32, 10.1.253.252/32, 10.1.234.224/32, 10.1.240.218/32, 10.1.237.251/32, 10.1.245.227/32, 10.2.6.8/32, 10.1.253.232/32, 172.16.33.15/32
acl egov1 time 15:01-23:59
acl egov2 time 00:00-12:59
http_access deny siteblock egov1
http_access deny siteblock egov2

#---------ACL FOR scopees.elsevier.com Add on 8Jan.2014 Requested by jatender Sir-----#
acl siteblock1 src 172.16.21.0-172.16.33.0/24
acl nknblock dstdomain .wileyonlinelibrary.com
http_reply_access deny siteblock1 nknblock

#----ACL for Allowing mginger.com for a Particular Sudhir Sir IP DATED 07March2014 --------#
acl allowsite dstdomain .mginger.com, .youtube.com
acl allowip src 10.1.228.249/32, 10.1.247.221/32
http_access allow allowsite allowip

#----ACL for Allowing A website for complete videos 10 Dec 2015 --------#
#acl allowedusite dstdomain .361dm.com
#acl allowNetwork src 172.16.107.0/24
#reply_body_max_size 10 GB allowNetwork
#http_access allow allowedusite allowNetwork

#---------ACL for yahoo.com-----------------#
acl testurl dstdomain .yahoo.com
http_access allow testurl
#---------ACL for yahoo.com-----------------#

#------------------------Good URLs to Allow-------------------------------
acl goodUrl dstdomain .****.org
acl goodUrl dstdomain .****.gov.in
acl goodUrl dstdomain .nrsc.gov.in
acl goodUrl dstdomain .landcover.org
acl goodUrl dstdomain .usgs.gov.in
acl goodUrl dstdomain .yimg.com # Allow Url on Date 25-08-2011 On user Request
#acl goodUrl dstdomain .yahoo.com
acl goodUrl dstdomain .airtel.in
acl goodUrl dstdomain .google.com
#acl goodurl dstdomain .bit.ly/1Ra9DXq
acl goodurl dstdomain .gmail.com
acl goodUrl dstdomain .rediff.com
acl goodUrl dstdomain .forestgamespb.com
acl goodUrl dstdomain helpbiotech.blogspot.com
acl goodUrl dstdomain paycommissionnews.blogspot.com
acl goodUrl dstdomain enggcollegeadmission.blogspot.com
acl goodUrl dstdomain rfri-demovillage.blogspot.com
acl goodUrl dstdomain .sussex.ac.uk
acl goodUrl dstdomain .ndtv.com
acl goodUrl dstdomain .tolicjorhat.blogspot.com
acl goodUrl dstdomain .blogger.com
acl goodUrl dstdomain 4.bp.blogspot.com
acl goodUrl dstdomain 3.bp.blogspot.com
#acl goodUrl dstdomain 2.bp.blogspot.com
acl goodUrl dstdomain .speakasiaonline.com
acl goodUrl dstdomain 164.100.194.5:8080
acl goodUrl dstdomain .skype.com
acl goodUrl dstdomain .90paisa.blogspot.com
acl goodUrl dstdomain .duckduckgo.com
acl goodUrl dstdomain .way2sms.com
acl goodUrl dstdomain vedvikas.blogspot.in
acl goodUrl dstdomain mail.lycos.com
acl goodUrl dstdomain ad.yieldmanager.com
acl goodUrl dstdomain .accti.in
acl goodUrl dstdomain .scopees.elsevier.com
acl goodUrl dstdomain .incometaxindiaefiling.gov.in
acl goodUrl dstdomain .cressexpress.org
acl goodUrl dstdomain .aiimsexams.org
acl goodUrl dstdomain .rajyasabha.nic.in
acl goodurl dstdomain .rajyasabha.nic.in/rsnew/Parliament_of_India.pdf
acl goodUrl dstdomain .alibaba.com
acl goodUrl dstdomain .youtube.com/embed/ZXFHxMRErDI?
acl goodUrl dstdomain .urvashisharmalucknow.blogspot.in
acl goodUrl dstdomain .editorialmanager.com
acl goodUrl dstdomain .cimap.res.in
acl goodUrl dstdomain .kotaksecurities.com
acl goodUrl dstdomain .msn.com
acl goodUrl dstdomain www8.hp.com
acl goodurl dstdomain www.interadsadvertising.com
#acl goodurl dstdomain .feedproxy.google.com
acl goodUrl dstdomain .outlook.office365.com
acl goodUrl dstdomain .ftp.iirs.gov.in
acl goodUrl dstdomain .outlook.live.com
acl goodUrl dstdomain .encrypted-tbn0.gstatic.com
acl goodUrl dstdomain .iuu.ac
acl goodUrl dstdomain .kea.kar.nic.in/cet_2017.htm
http_access allow goodUrl
#------------------------Good URLs to Allow-------------------------------


#------------------ NEW Rule FOR Time Base Access to blocked URLS-----------
#acl allowtime time MTWHF 11:00-12:00
#acl ipaddtoallow src 10.1.241.149/32
#http_access allow allowtime ipaddtoallow
#------------------ NEW Rule FOR Time Base Internet 04_Feb_2014------------


#---Allow Facebook in two host Ip in Each Instituteref: reference to letter No.4-53/IT/****/2013-14 dated the 16th March, 2016 -----------------------------#
acl urlToAccess dstdomain .facebook.com .twitter.com
acl ipToAccess src "/etc/squid/PolicyObjects/facebookips"
http_access allow urlToAccess ipToAccess
#----------------------------------------------------------------------------------#





#-------------------------suspecious URLs-word to Block location--------------------------------
acl badurl url_regex -i "/etc/squid/PolicyObjects/word"
http_access deny badurl

acl restrictedGroup url_regex "/etc/squid/PolicyObjects/restrictedGroup1"
http_access deny restrictedGroup

acl blockdomain dstdomain "/etc/squid/PolicyObjects/restricdomain"
http_access deny blockdomain


acl BadSites dstdomain "/usr/local/etc/restricted-sites.squid"
http_access deny BadSites
#-------------------------suspecious URLs-word to Block location --------------------------------



#------------------ NEW Rule Add for facebook Change 10-08-2010--------------------------------------
acl face dstdomain .facebook.com .twitter.com
acl mynet time MTWHF 9:00-17:30
http_access deny face mynet
#------------------ NEW Rule End for facebook Change 10-08-2010--------------------------------------


#------------------ Audio/Video Formats blocked --------------------#
acl mp3s url_regex -i \.mp3$
acl mp3s url_regex -i \.wav$
acl mp3s url_regex -i \.piff$
acl mp3s url_regex -i \.scr$
#acl mp3s url_regex -i \.avi$
#acl mp3s url_regex -i \.dat$
acl mp3s url_regex -i \.rm$
acl mp3s url_regex -i \.exe$
#acl mp3s url_regex -i \.mpeg$
acl mp3s url_regex -i \.asf$
acl mp3s url_regex -i \.divx$
acl mp3s url_regex -i \.dv$
acl mp3s url_regex -i \.gxf$
acl mp3s url_regex -i \.m2v$
acl mp3s url_regex -i \.m1v$
acl mp3s url_regex -i \.rm$
acl mp3s url_regex -i \.rmvb$
acl mp3s url_regex -i \.vob$
acl mp3s url_regex -i \.b4s$
acl mp3s url_regex -i \.vlc$
acl mp3s url_regex -i \.vob$
acl mp3s url_regex -i \.mp4$
acl mp3s url_regex -i \.crx$
acl mp3s url_regex -i \.xpi$

http_access deny mp3s
#------------------ Audio/Video Formats blocked --------------------#

#------------ACL For Google Docs-----------------------------#
acl urlToAccess dstdomain .fsigeoportal.gov.in
acl ipToAccess src 172.16.107.101/32
http_access allow urlToAccess ipToAccess
#------------------------------------------------------------#


#------ACL to allow particular IPBased Website After Ultra surf Blocking---------#

acl IpToAllow url_regex "/etc/squid/PolicyObjects/urlToallow"
http_access allow IpToAllow

acl RajyaSabhaIp url_regex http://164.100.47.[0-9]
http_access allow RajyaSabhaIp


acl allowedIp url_regex http://164.100.34.62, 172.16.104.37
http_access allow allowedIp

#------------ACL FOR Downloading Files More than 20MB 11-May-2015---------------------------#
acl geo src 10.1.227.250/32
reply_body_max_size 50 GB geo
http_access allow geo

#-------ACL for Blocking heavy Logs---------#
#acl IpToDeny url_regex "/etc/squid/PolicyObjects/urlToDeny"
#http_access deny IpToDeny



#------------ACL FOR Downloading Files---------------------------#


reply_body_max_size 200 MB all

#----ACL FOR SKYPE-------------#
acl skypetest url_regex 64.4.0.0/18
acl skypetest url_regex 65.52.0.0/14
http_access allow skypetest


#-----------------------Ultra Surf blocking------------------------#
acl ipbaseacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
http_access deny ipbaseacl
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
http_access deny numeric_IPs
#------------------------Ultra Surf Blocking-----------------------#




# Hotmail MSN Block
acl msn url_regex messenger.hotmail.com
http_access deny msn

acl messenger_site dstdomain .msg.yahoo.com
acl messenger_site dstdomain messenger.yahoo.com
#acl messenger_site dstdomain .skype.com
acl messenger_site dstdomain .imagine-msn.com/messenger
#acl messenger_site dstdomain .talk.google.com
#acl messenger_site dstdomain talkx.l.google.com:443
acl messenger_site dstdomain .ebuddy.com
http_access deny messenger_site

#-Default------------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563 1935 1953 8080 80 995 587 993 465 5523 5528 4244 5242 5222 5223 5228 5060
# http ftp https snews gopher wais http-mgmt filemaker multiling-http
#acl Safe_ports port 20 21 443 563 70 210 280 488 591 777
acl Safe_ports port 25 96 443 563 8080 5060 1935 1953 995 587 993 465 5523 5528 4244 5242 5222 5223 5228 80
acl Safe_ports port 1025-65535 # unregistered ports
acl broken_sites dstdomain .whatsapp.com # whatsapp
acl CONNECT method CONNECT
acl ftp_port port 20 21
#--------------------------------------------------------------------

http_access allow all

# Rules---------------------------------------------------------------
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
#http_access allow localhost
http_access deny all
icp_access deny all
#ident_lookup_access allow ident_hosts
#ident_lookup_access deny all
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
#cache_mgr servicedesk@****.org
#cachemgr_passwd servicedesk all
# CACHE REGISTRATION SERVICE
#------------------------------------------------------------------------------
# HTTPD ACCELERATOR OPTIONS
#------------------------------------------------------------------------------
#httpd_accel_host virtual
#httpd_accel_port 80
#visible_hostname proxy.****.org
visible_hostname internet.****.org
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
# MISCELLANEOUS
#------------------------------------------------------------------------------
client_db on
client_persistent_connections off
#debug_options ALL 1, 28,9
# DELAYPOOL PARAMETERS
#------------------------------------------------------------------------------


 
Old 08-16-2017, 04:14 AM   #3
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 16

Original Poster
Rep: Reputation: Disabled
Server : Redhat 6.4
Squid Version : squid 3.1.10
 
Old 08-16-2017, 08:52 AM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015
You can either rotate the logs more frequently, or adjust the logformat to be shorter. https://wiki.squid-cache.org/Features/LogFormat

It looks like your server is encountering misconfigured web pages.
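
One way to see which destinations and clients are behind the log growth before rotating more often or shortening the logformat (an added example, not code from any poster in this thread; the sample lines, addresses and function names are constructed for illustration). It parses Squid's native access.log format and flags destinations whose logged URLs are very long or contain their own host:port more than once, as the request quoted in the first post does.

```python
from collections import defaultdict
from urllib.parse import quote, urlsplit

DEST = "198.51.100.7:10001"  # constructed destination (documentation address range)


def nested_url(depth):
    """Constructed URL whose email= value embeds the previous URL, like the quoted log."""
    url = "http://%s/?count=0&email=x" % DEST
    for n in range(1, depth + 1):
        page = '<p>could not be retrieved: <a href="%s">' % url
        url = "http://%s/?count=%d&email=%s" % (DEST, n, quote(page, safe=":/?&=%"))
    return url


# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = [
    "1502867095.990      0 10.0.0.11 NONE/400 10326 GET %s - NONE/- text/html" % nested_url(6),
    "1502867096.120      0 10.0.0.12 NONE/400 9800 GET %s - NONE/- text/html" % nested_url(5),
    "1502867096.500    212 10.0.0.13 TCP_MISS/200 5120 GET http://www.example.org/index.html"
    " - DIRECT/192.0.2.10 text/html",
    "1502867097.010     95 10.0.0.11 TCP_MISS/200 830 CONNECT mail.example.org:443"
    " - DIRECT/192.0.2.20 -",
    "truncated line",
]


def parse_native(line):
    """Return (client, destination, url) from 'time elapsed client code/status bytes method URL ...'."""
    parts = line.split(None, 7)
    if len(parts) < 7:
        return None
    client, method, url = parts[2], parts[5], parts[6]
    if method == "CONNECT":  # CONNECT entries log host:port rather than a full URL
        return client, url, url
    try:
        dest = urlsplit(url).netloc or url
    except ValueError:  # e.g. unbalanced brackets in a malformed URL
        dest = url
    return client, dest, url


def log_volume_report(lines, long_url=512, min_share=0.5):
    """Rank destinations by the bytes their entries occupy in the log and say why each stands out."""
    groups = defaultdict(lambda: {"hits": 0, "bytes": 0, "max_url": 0, "max_nest": 0, "clients": set()})
    total = 0
    for raw in lines:
        line = raw.rstrip("\n")
        rec = parse_native(line)
        if rec is None:
            continue
        client, dest, url = rec
        size = len(line.encode("utf-8", "replace")) + 1  # bytes on disk incl. newline
        total += size
        g = groups[dest]
        g["hits"] += 1
        g["bytes"] += size
        g["clients"].add(client)
        g["max_url"] = max(g["max_url"], len(url))
        g["max_nest"] = max(g["max_nest"], url.count(dest))  # >1: URL embeds its own target
    report = []
    for dest, g in groups.items():
        share = g["bytes"] / total
        reasons = [name for name, hit in (("long-url", g["max_url"] >= long_url),
                                          ("self-nested", g["max_nest"] > 1),
                                          ("log-share", share >= min_share)) if hit]
        report.append({"dest": dest, "hits": g["hits"], "clients": len(g["clients"]),
                       "share": round(share, 3), "max_url": g["max_url"],
                       "max_nest": g["max_nest"], "reasons": reasons})
    return sorted(report, key=lambda r: r["share"], reverse=True)


if __name__ == "__main__":
    for row in log_volume_report(SAMPLE_LOG):
        print(row)
```

To run it on a real log, pass an open file object for access.log to `log_volume_report` in place of `SAMPLE_LOG`; the thresholds `long_url` and `min_share` are illustrative defaults.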
 
Old 09-22-2017, 01:03 AM   #5
asnani_satish
LQ Newbie
 
Registered: Aug 2009
Location: BHOPAL
Posts: 6

Rep: Reputation: 0
Continuous access to http://209.58.139.151:10001/?

Many of our squid clients are continuously accessing http://209.58.139.151:10001/?. What exactly is this site doing on port 10001 and how to avoid this?
 
Old 09-23-2017, 09:41 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by asnani_satish
Many of our squid clients are continuously accessing http://209.58.139.151:10001/?. What exactly is this site doing on port 10001 and how to avoid this?
You need to read the LQ Rules...don't hijack someone else's thread with your own question. Open your own thread for your own question, and be sure to read the "Question Guidelines" and "How to ask a smart question" links as well.

Unless you provide actual details (version/distro of Linux, squid, what you've done/tried, etc.), we cannot help.