[squid-users] SQUID 3.0 STABLE20 +DANSGUARDIAN transparent mode (file uploads brokens)

From: David Touzeau <david_at_touzeau.eu>
Date: Mon, 26 Apr 2010 01:40:14 +0200

Dear

I'm using Squid + dansguardian in transparent mode.
Squid and dansguardian are installed on the same computer.

When using DansGuardian, uploads of files larger than 8Mb break after several
seconds, and browsers display a broken-page error.

Files under 8Mb are correctly uploaded.

Did anyone encounter the same problem ?

here it is the squid.conf :

# squid.conf as posted: Squid listens on port 23296 in interception
# ("transparent") mode and serves requests relayed by DansGuardian on the
# same host.
# NOTE(review): no auth_param "program" line appears in this listing, so the
# TTL settings below have no visible authentication scheme to act on, and
# proxy authentication is generally not usable on intercepted traffic - confirm.
auth_param basic credentialsttl 2 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds
cache_effective_user squid
cache_effective_group squid
#--------- TWEEKS PERFORMANCES
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

#--------- acls
# The two url_regex ACLs load their patterns from files under /etc/squid3/;
# whoever can write those files controls what is blocked.
acl malware_block_list url_regex -i "/etc/squid3/malwares.acl"
acl blockedsites url_regex "/etc/squid3/squid-block.acl"
acl localhost src 127.0.0.1/255.255.255.255
# to_localhost, CONNECT and office_network are defined here but are not
# referenced by any http_access rule in this listing.
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT
acl office_network src 192.168.1.0/24

#--------- MAIN RULES...
# X-Forwarded-For is honoured only when the connection comes from localhost.
# NOTE(review): when this feature is active, src ACLs may be evaluated against
# the forwarded client address instead of 127.0.0.1 - confirm that the
# "allow localhost" rule below still matches as intended.
follow_x_forwarded_for allow localhost
# --------- SAFE ports
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 22 #ssh
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 1863 #msn
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 631 #cups
acl Safe_ports port 873 #rsync
acl Safe_ports port 901 #SWAT#
# http_access rules are checked top to bottom and the first match decides.
# "allow localhost" comes before "deny !Safe_ports", so requests that match
# localhost are never tested against Safe_ports, and no rule restricts the
# CONNECT method to specific ports.
# NOTE(review): placing the port restrictions (and a CONNECT port restriction)
# above the allow rule would make them effective for relayed traffic.
http_access deny malware_block_list
http_access deny blockedsites
http_access allow localhost
http_access deny !Safe_ports
http_access deny all
# --------- ident_lookup_access
hierarchy_stoplist cgi-bin ?

# --------- General settings
visible_hostname proxyweb

# --------- time-out
dead_peer_timeout 10 seconds
dns_timeout 2 minutes
peer_connect_timeout 3 minutes
connect_timeout 1600 seconds
persistent_request_timeout 3 minutes
pconn_timeout 1600 seconds

# --------- Objects limits
# Request bodies (uploads) of up to 500 MB are accepted here, well above the
# 8 MB at which the reported upload failures start.
request_body_max_size 500 MB
reply_body_max_size 0
request_header_max_size 10 KB
maximum_object_size 300 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
# --------- timeouts

#http ports
# No address is given, so the port is opened on every interface, while the
# DansGuardian configuration posted with this file reaches it on 127.0.0.1.
# NOTE(review): binding to 127.0.0.1:23296 would narrow the exposure - confirm
# that nothing else needs to connect to this port.
http_port 23296 transparent

# --------- Caches
#cache_replacement_policy heap LFUDA
cache_mem 8 MB
# NOTE(review): the low-water mark (95) is above the high-water mark (90);
# the two values look swapped - confirm.
cache_swap_high 90
cache_swap_low 95
# --------- DNS and ip caches
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

# --------- SPECIFIC DNS SERVERS
debug_options ALL,1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ICP listener on UDP 3130; no cache_peer is defined in this listing.
# NOTE(review): set icp_port 0 if ICP is not used.
icp_port 3130

#Logs-------------------------------------------------
emulate_httpd_log on
coredump_dir /var/squid/cache
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
pid_filename /var/run/squid.pid
access_log /var/log/squid/access.log

cache_dir ufs /var/cache/squid 2000 16 256
# --------- OTHER CACHES

Here it is the main dansguardian configuration file :

# dansguardian.conf as posted: DansGuardian accepts client connections on
# port 3128 and relays them to Squid at 127.0.0.1:23296.
reportinglevel = 3
groupname = 'Default rule'
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = 2
logfileformat = 2
loglocation = '/var/log/dansguardian/access.log'
statlocation = '/var/log/dansguardian/stats'
#
#routing to squid proxy port : 23296 but local port is 3128
# filterip is empty.
# NOTE(review): the stock configuration documents an empty value as "listen on
# all addresses" - confirm the filter port is reachable only from the
# intended network.
filterip =
filterport = 3128
proxyip = 127.0.0.1
proxyport = 23296
originalip = off
#
# Still the YOURSERVER.YOURDOMAIN placeholder.
# NOTE(review): believed to be unused with reportinglevel = 3 (HTML template) -
# confirm before relying on it.
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
bannediplist = '/etc/dansguardian/bannediplist'
# NOTE(review): the opening quote is missing on the next line (compare the
# neighbouring list paths); verify that the exception list is actually loaded
# from the intended file.
exceptioniplist = /etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
exceptionphraselist = '/etc/dansguardian/lists/exceptionphraselist'
exceptionsitelist = '/etc/dansguardian/lists/exceptionsitelist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
# NOTE(review): -1 is documented in the stock configuration as "no upload
# blocking", so the 8 MB failures are presumably not caused by this setting -
# confirm.
maxuploadsize = -1
# Size thresholds for content filtering and scanning.
# NOTE(review): content larger than the biggest threshold is presumably passed
# on without being virus-scanned - confirm against the documentation for this
# version.
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
# Temporary copies of content being scanned are written to /tmp, which is
# normally world-writable and shared with every local account.
# NOTE(review): a dedicated directory owned by the daemon user with restrictive
# permissions would keep other local users away from these files.
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
#downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
#downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf'

#--------- AV/ICAP
contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
contentscannertimeout = 60
contentscanexceptions = off

recheckreplacedurls = off
# forwardedfor = on adds the client address to requests sent upstream.
# NOTE(review): unless the header is removed further along, origin servers
# will see internal client addresses.
# usexforwardedfor = on makes DansGuardian take the client address from an
# incoming X-Forwarded-For header. That header is client-supplied and easy to
# forge, which matters for IP-based decisions (bannediplist, exceptioniplist,
# the ip.conf auth plugin).
# NOTE(review): clients appear to connect to DansGuardian directly in this
# setup, so this option looks unnecessary - confirm and consider "off".
forwardedfor = on
usexforwardedfor = on
logconnectionhandlingerrors = on
logchildprocesshandling = off

#auth plugins
authplugin='/etc/dansguardian/authplugins/ip.conf'

#--------- DAEMON
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0

# The three IPC files below are created under /tmp, a location shared with all
# local users.
# NOTE(review): a private runtime directory for the daemon user would avoid
# other accounts creating or replacing these paths.
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
pidfilename = '/var/run/dansguardian.pid'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
# DansGuardian runs under the account named here.
# NOTE(review): "squid" is also the account the posted squid.conf runs Squid
# as; separate accounts would limit what a fault in one daemon can reach in
# the other's files.
daemonuser = squid
daemongroup = squid
softrestart = off
forkscanlength = 32768
Received on Sun Apr 25 2010 - 23:40:23 MDT
