


  1. #1

    Strange Squid log

    I keep getting this log constantly:

    1221581369.299 7 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581369.499 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581369.638 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581369.642 4 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581369.907 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581369.908 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.049 4 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.315 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.317 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.378 5 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.645 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.700 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.705 4 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581370.974 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
    1221581371.031 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html

    The IP 10.0.1.40 is outside the proxy, like my own 10.0.1.36.
    The IP 10.0.1.69 is configured normally to use the proxy; right now I am sitting in front of it and it is not accessing anything.
    The IP 10.0.1.34 is also correctly configured for the proxy, like all the other machines on the network...

    Does anyone have any idea what this error is?

  2. #2

    Do you have an ACL for some kind of control?

  3. #3

    I do, but not by IP... here is my squid.conf:

    #SERVER NAME##########################################################
    visible_hostname DebianLinux
    ######################################################################
    #IP+PORT USED ########################################################
    http_port 10.0.1.254:3128
    ######################################################################
    icp_port 0
    ######################################################################
    #CACHE USED (HALF OF RAM)#############################################
    cache_mem 128 MB
    ######################################################################
    #Cache Swap###########################################################
    cache_swap_low 80
    cache_swap_high 90
    ######################################################################
    #OBJECT_SIZE##########################################################
    maximum_object_size 8192 KB
    minimum_object_size 0 KB
    #maximum size of objects held in memory.
    maximum_object_size_in_memory 256 KB
    ######################################################################
    #MULTIPLE CACHE DIRECTORIES###########################################
    cache_dir aufs /var/cachesquid1 1400000 128 512
    #cache_dir aufs /var/cachesquid2 2900 128 512
    #cache_dir aufs /var/cachesquid3 2900 128 512
    #cache_dir aufs /var/cachesquid4 2900 128 512
    #cache_dir aufs /var/cachesquid5 2900 128 512
    #####################################################################
    #LOGS################################################################
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    #####################################################################
    #AUTHENTICATION RULE
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 3
    authenticate_ttl 10 minutes
    authenticate_ip_ttl 0
    ####################################################################
    request_body_max_size 0 MB
    ####################################################################
    #ACL's########################################################
    #SITES THAT DO NOT REQUIRE PASSWORD AUTHENTICATION
    acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
    http_access allow NO_AUTH
    #################################################
    #SITES BLOCKED FOR ALL USERS
    acl BLOCK url_regex -i '/etc/squid/bloqueados'
    http_access deny BLOCK
    #################################################
    #MSN ONLY FOR USERS IN THIS ACL##################
    acl bloqueiamsn url_regex -i "/etc/squid/bloqueiamsn"
    acl g_liberado proxy_auth alisson neide ademario luiz.roma marinalvaxp natasha fernando rmartins inspetor junior
    http_access deny bloqueiamsn !g_liberado
    #################################################
    ##### BLOCK DOWNLOADS OF THE EXTENSIONS BELOW####
    acl EXTENSOES url_regex -i \.arj \.mp3 \.bat \.pif \.scr \.src \.wma \.avi \.wmv \.pps \.ppt
    http_access deny EXTENSOES
    #################################################
    #GENERAL RULES###################################
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 4243 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    #SITES THAT ARE NOT CACHED#######################
    acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'
    no_cache deny NO_CACHE

  4. #4

    Continuing:

    #################################################
    #PER-USER AUTHENTICATION#########################
    #USER:Fernando
    acl u_fernando proxy_auth fernando
    #Natasha
    acl u_natasha proxy_auth natasha
    #USER:Ademario
    acl u_ademario proxy_auth ademario
    #USER:Alex
    acl u_alexsandro.silva proxy_auth alexsandro.silva
    #USER: alisson
    acl u_alisson proxy_auth alisson
    #USER: Denilson
    acl u_denilson proxy_auth denilson
    #USER: Misterlan
    acl u_misterlan proxy_auth misterlan
    #USER: neide
    acl u_neide proxy_auth neide
    #USER: hiltevan
    acl u_hiltevan proxy_auth hiltevan
    #USER: Haila
    acl u_haila proxy_auth haila
    #USER: Georgy
    acl u_georgy proxy_auth georgy
    #USER: roze
    acl u_roze proxy_auth roze
    #acl u_georgy proxy_auth georgy
    #USER: edno
    acl u_edno proxy_auth edno
    #USER: saul
    acl u_saul proxy_auth saul
    #USER:diego
    acl u_diego proxy_auth diego
    #USER: Luiz Roma
    acl u_luiz.roma proxy_auth luiz.roma
    #USER: Neomar
    acl u_neomar proxy_auth neomar
    #USER: Mariana
    acl u_mariana proxy_auth mariana
    #USER: Marinalva
    acl u_marinalvaxp proxy_auth marinalvaxp
    #User: inspetor
    acl u_inspetor proxy_auth inspetor
    #User: teste
    acl u_teste proxy_auth teste
    #User: teste
    acl u_rmartins proxy_auth rmartins
    #User: teste
    acl u_tadeu proxy_auth tadeu
    #User: Junior
    acl u_junior proxy_auth junior


    #AUTHENTICATION ACLS (WHAT MAY AND MAY NOT BE ACCESSED)###########
    #USER: inspetor
    acl u_inspetor_url_allow url_regex -i "/etc/squid/u_inspetor_allow"
    http_access allow u_inspetor u_inspetor_url_allow
    acl u_inspetor_url_deny url_regex -i "/etc/squid/u_inspetor_deny"
    http_access deny u_inspetor u_inspetor_url_deny
    ##################################################################
    #USER: ADEMARIO
    acl u_ademario_url_allow url_regex -i "/etc/squid/u_ademario_allow"
    http_access allow u_ademario u_ademario_url_allow
    ###################################################################
    #USER: ALEX
    acl u_alexsandro.silva_url_allow url_regex -i "/etc/squid/u_alex_allow"
    http_access allow u_alexsandro.silva u_alexsandro.silva_url_allow
    acl u_alexsandro.silva_url_deny url_regex -i "/etc/squid/u_alex_deny"
    http_access deny u_alexsandro.silva u_alexsandro.silva_url_deny
    ######################################################################
    #USER:ALISSON
    acl u_alisson_url_allow url_regex -i "/etc/squid/u_alisson_allow"
    http_access allow u_alisson u_alisson_url_allow
    acl u_alisson_url_deny url_regex -i "/etc/squid/u_alisson_deny"
    http_access deny u_alisson u_alisson_url_deny
    #####################################################################
    #USER:DIEGO
    acl u_diego_url_allow url_regex -i "/etc/squid/u_diego_allow"
    http_access allow u_diego u_diego_url_allow
    acl u_diego_url_deny url_regex -i "/etc/squid/u_diego_deny"
    http_access deny u_diego u_diego_url_deny
    #####################################################################
    #USER:DENILSON
    acl u_denilson_url_allow url_regex -i "/etc/squid/u_denilson_allow"
    http_access allow u_denilson u_denilson_url_allow
    acl u_denilson_url_deny url_regex -i "/etc/squid/u_denilson_deny"
    http_access deny u_denilson u_denilson_url_deny
    #####################################################################
    #USER: EDNO
    acl u_edno_url_allow url_regex -i "/etc/squid/u_edno_allow"
    http_access allow u_edno u_edno_url_allow
    acl u_edno_url_deny url_regex -i "/etc/squid/u_edno_deny"
    http_access deny u_edno u_edno_url_deny
    ######################################################################
    #USER:GEORGY
    acl u_georgy_url_allow url_regex -i "/etc/squid/u_georgy_allow"
    http_access allow u_georgy u_georgy_url_allow
    #acl u_georgy_url_deny url_regex -i "/etc/squid/u_georgy_deny"
    #http_access deny u_georgy u_georgy_url_deny
    ######################################################################
    #USER:MISTERLAN
    acl u_misterlan_url_allow url_regex -i "/etc/squid/u_misterlan_allow"
    http_access allow u_misterlan u_misterlan_url_allow
    acl u_misterlan_url_deny url_regex -i "/etc/squid/u_misterlan_deny"
    http_access deny u_misterlan u_misterlan_url_deny
    #####################################################################
    #USER:NATASHA
    acl u_natasha_url_allow url_regex -i "/etc/squid/u_natasha_allow"
    http_access allow u_natasha u_natasha_url_allow
    acl u_natasha_url_deny url_regex -i "/etc/squid/u_natasha_deny"
    http_access deny u_natasha u_natasha_url_deny
    #####################################################################
    #USER:LUIZ ROMA
    acl u_luiz.roma_url_allow url_regex -i "/etc/squid/u_luiz.roma_allow"
    http_access allow u_luiz.roma u_luiz.roma_url_allow
    acl u_luiz.roma_url_deny url_regex -i "/etc/squid/u_luiz.roma_deny"
    http_access deny u_luiz.roma u_luiz.roma_url_deny
    #####################################################################
    #USER:MARIANA
    acl u_mariana_url_allow url_regex -i "/etc/squid/u_mariana_allow"
    http_access allow u_mariana u_mariana_url_allow
    acl u_mariana_url_deny url_regex -i "/etc/squid/u_mariana_deny"
    http_access deny u_mariana u_mariana_url_deny
    #####################################################################
    #USER:ROSE
    acl u_rose_url_allow url_regex -i "/etc/squid/u_rose_allow"
    http_access allow u_roze u_rose_url_allow
    #acl u_rose_url_deny url_regex -i "/etc/squid/u_rose_deny"
    #http_access deny u_roze u_rose_url_deny
    #####################################################################
    #USER: SAUL
    acl u_saul_url_allow url_regex -i "/etc/squid/u_saul_allow"
    http_access allow u_saul u_saul_url_allow
    acl u_saul_url_deny url_regex -i "/etc/squid/u_saul_deny"
    http_access deny u_saul u_saul_url_deny
    #####################################################################
    #USER:HAILA
    acl u_haila_url_allow url_regex -i "/etc/squid/u_haila_allow"
    http_access allow u_haila u_haila_url_allow
    acl u_haila_url_deny url_regex -i "/etc/squid/u_haila_deny"
    http_access deny u_haila u_haila_url_deny
    #####################################################################
    #USER:HILTEVAN
    acl u_hiltevan_url_allow url_regex -i "/etc/squid/u_hiltevan_allow"
    http_access allow u_hiltevan u_hiltevan_url_allow
    acl u_hiltevan_url_deny url_regex -i "/etc/squid/u_hiltevan_deny"
    http_access deny u_hiltevan u_hiltevan_url_deny
    #####################################################################
    #USER:NEIDE
    acl u_neide_url_allow url_regex -i "/etc/squid/u_neide_allow"
    http_access allow u_neide u_neide_url_allow
    acl u_neide_url_deny url_regex -i "/etc/squid/u_neide_deny"
    http_access deny u_neide u_neide_url_deny
    #####################################################################
    #USER:ROGERIO
    acl u_rmartins_url_allow url_regex -i "/etc/squid/u_rogerio_allow"
    http_access allow u_rmartins u_neide_url_allow
    acl u_rmartins_url_deny url_regex -i "/etc/squid/u_rogerio_deny"
    http_access deny u_rmartins u_rmartins_url_deny
    #####################################################################
    #USER:NEOMAR
    acl u_neomar_url_allow url_regex -i "/etc/squid/u_neomar_allow"
    http_access allow u_neomar u_neomar_url_allow
    acl u_neomar_url_deny url_regex -i "/etc/squid/u_neomar_deny"
    http_access deny u_neomar u_neomar_url_deny
    #####################################################################
    #USER:MARINALVA######################################################
    acl u_marinalvaxp_url_allow url_regex -i "/etc/squid/u_marinalvaxp_allow"
    http_access allow u_marinalvaxp u_marinalvaxp_url_allow
    #acl u_marinalvaxp_url_deny url_regex -i "/etc/squid/u_marinalvaxp_deny"
    #http_access deny u_marinalvaxp u_marinalvaxp_url_deny
    ####################################################################
    #USER: TADEU########################################################
    acl u_tadeu_url_allow url_regex -i "/etc/squid/u_tadeu_allow"
    http_access allow u_tadeu u_tadeu_url_allow
    acl u_tadeu_url_deny url_regex -i "/etc/squid/u_tadeu_deny"
    http_access deny u_tadeu u_tadeu_url_deny
    ####################################################################
    #JUNIOR SANTOS######################################################
    acl u_junior_url_allow url_regex -i "/etc/squid/u_junior_allow"
    http_access allow u_junior u_junior_url_allow
    acl u_junior_url_deny url_regex -i "/etc/squid/u_junior_deny"
    http_access deny u_junior u_junior_url_deny
    #####################################################################
    #ALLOW AUTHENTICATED USERS###########################################
    acl autenticados proxy_auth REQUIRED
    http_access allow autenticados
    #####################################################################
    #BLOCK EVERYTHING####################################################
    http_access deny all
    #####################################################################
    icp_access allow all
    miss_access allow all
    cache_mgr root
    memory_pools on
    #####################################################################


    Everything was normal and out of nowhere this started appearing, only on some machines... My ACLs are per user and not per IP, because my network uses DHCP and I cannot control anything by IP.

  5. #5

    The machines showing this problem, by coincidence, are running the NOD32 3.0 antivirus; the others are running NOD32 2.x. Could that be it?


    I ran a test: I removed NOD32 3.0 from the machine with IP 10.0.1.69 and left it... For 10 minutes now its IP has no longer appeared with the error... only the others... So if it is the antivirus, what should I do to make NOD32 work, given that 2.x works normally on the network and updates?

  6. #6

    Look at what kind of access NOD32 3.0 is making; it is quite likely that you are blocking it.

  7. #7

    I already put my proxy username and password, which has access to everything, into NOD's proxy settings, and nothing... Another thing: how do I find out which servers it is using? They may have changed, but even so, since I entered a username and password it should have been accepted.

    I did not quite understand what you said about the type of access; how do I see that?

  8. #8

    Exactly what you said: you have to see which servers it is accessing.

    Look in the Squid logs.

    Take one machine, leave it without any kind of blocking in Squid, and see where it connects.

  9. #9

    Mine has no blocking at all, but access.log does not show which servers... it only shows the errors I sent you just now.

  10. #10

    I stayed up late yesterday looking at the logs to see which servers NOD32 was using to update... then out of nowhere one of the servers started updating:


    1221726261.763 1020 10.0.1.1 TCP_CLIENT_REFRESH_MISS/200 3031 GET http://u38.eset.com/eset_eval/update.ver - DIRECT/89.202.149.48 application/octet-stream
    1221726263.538 1222 10.0.1.1 TCP_MISS/200 14113 GET http://u38.eset.com/eval/engine3/em001_32_n1.nup - DIRECT/89.202.149.48 application/octet-stream
    1221726263.960 422 10.0.1.1 TCP_MISS/200 7309 GET http://u38.eset.com/eval/engine3/em002_32_n2.nup - DIRECT/89.202.149.48 application/octet-stream


    But that server is running NOD 3.0, which is causing problems on other machines... although it was installed a while ago... and the proxy is not configured inside NOD, only in the browser, so why is it not showing the problem?


    When I went to the machine that was giving the error yesterday, IP 10.0.1.34, I saw that it was no longer updating; it tried to update and just hung... so I entered my proxy username and password, and so far it has not given the error again...


    What is strange is that only some machines, and the ones on which I am currently installing NOD32, have this problem: I installed it on one today and the problem started, and it only stopped after I entered the username and password, but the server, for example, has no username and password and is working normally.

  11. #11
    osmano807 (Chief Moderator)

    Here at home I also have NOD v3.0, but it stopped updating months ago. But it is pirated anyway...

  12. #12

    Man..

    You need to analyze those ACLs of yours; one of them is blocking it.

    You have a shitload of ACLs; why don't you simplify that?

  13. #13

    Because my policy is per user and not per group... do you have any idea how to do it per user in a simpler way?
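
Post #8's advice to read the Squid logs and see where a client connects can be done mechanically. The following is an added example, not part of the thread: it parses native-format access.log lines (samples copied from posts #1 and #10) and reports, per client, how many requests Squid logged as `error:invalid-request` and which hosts were actually reached; the function names are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Sample lines copied from posts #1 and #10 of this thread (Squid native access.log format).
SAMPLE = """\
1221581369.299 7 10.0.1.69 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
1221581369.499 0 10.0.1.40 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
1221581369.638 1 10.0.1.34 TCP_DENIED/400 2325 GET error:invalid-request - NONE/- text/html
1221726261.763 1020 10.0.1.1 TCP_CLIENT_REFRESH_MISS/200 3031 GET http://u38.eset.com/eset_eval/update.ver - DIRECT/89.202.149.48 application/octet-stream
1221726263.538 1222 10.0.1.1 TCP_MISS/200 14113 GET http://u38.eset.com/eval/engine3/em001_32_n1.nup - DIRECT/89.202.149.48 application/octet-stream
"""


def parse_line(line):
    """Split one native-format line into named fields; return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    code, _, status = parts[3].partition("/")
    return {
        "time": float(parts[0]), "client": parts[2], "code": code,
        "status": int(status) if status.isdigit() else 0,
        "method": parts[5], "url": parts[6], "user": parts[7], "peer": parts[8],
    }


def summarize(lines):
    """Per client: count of invalid requests, hosts reached, authenticated users seen."""
    report = defaultdict(lambda: {"invalid": 0, "hosts": set(), "users": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report[rec["client"]]
        if rec["url"].startswith("error:"):
            # Squid logs this placeholder when it could not parse the request,
            # so there is no destination to read from the line.
            entry["invalid"] += 1
        else:
            # CONNECT requests are logged as host:port, without a scheme.
            host = urlsplit(rec["url"]).hostname or rec["url"].split(":")[0]
            entry["hosts"].add(host)
        if rec["user"] != "-":
            entry["users"].add(rec["user"])
    return dict(report)


if __name__ == "__main__":
    for client, info in sorted(summarize(SAMPLE.splitlines()).items()):
        print(client, "invalid=%d" % info["invalid"], "hosts=%s" % sorted(info["hosts"]))
```

On a live proxy, pass the lines of `/var/log/squid/access.log` (the path set by `cache_access_log` in the posted squid.conf) to `summarize` instead of `SAMPLE`.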