About squid and dansguardian. [SOLVED]

1. About squid and dansguardian. [SOLVED]

Yehia Azanki Neto
iknaza

(uses Slackware)

Posted on 28/10/2014 - 10:04h

Hi everyone, here's the situation: I set up a server with CentOS running squid with dansguardian... However, I'm having some problems because my squid log doesn't show the IP of the client that is making the requests... and I have a machine firing off multiple requests that are hanging my server... the squid log follows below...


1414497725.537 0 74.91.21.62 TCP_DENIED/403 3910 GET http://g.adnxs.com/tt? - NONE/- text/html
1414497725.551 0 67.198.212.204 TCP_DENIED/403 3938 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.572 0 104.166.84.103 TCP_DENIED/403 3854 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.592 0 104.166.70.221 TCP_DENIED/403 3806 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497725.599 0 104.166.80.167 TCP_DENIED/403 3834 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.645 0 67.229.228.131 TCP_DENIED/403 3780 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.659 0 104.166.70.214 TCP_DENIED/403 3835 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497725.711 0 67.229.235.62 TCP_DENIED/403 3960 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.722 0 67.198.128.134 TCP_DENIED/403 3825 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.734 0 67.198.142.147 TCP_DENIED/403 3852 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.745 0 67.198.215.125 TCP_DENIED/403 3860 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.751 0 107.151.233.35 TCP_DENIED/403 3889 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.769 0 67.198.129.133 TCP_DENIED/403 3989 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.787 0 67.198.204.253 TCP_DENIED/403 3959 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.788 0 67.229.49.91 TCP_DENIED/403 3858 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.830 0 67.198.142.150 TCP_DENIED/403 3746 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497725.846 0 74.91.23.187 TCP_DENIED/403 3761 GET http://g.adnxs.com/tt? - NONE/- text/html
1414497725.854 0 104.166.83.70 TCP_DENIED/403 3753 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.886 0 104.166.84.116 TCP_DENIED/403 3680 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.913 0 104.166.83.169 TCP_DENIED/403 3914 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497725.917 0 104.166.70.215 TCP_DENIED/403 3916 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497725.945 0 104.166.84.104 TCP_DENIED/403 3921 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.953 0 67.229.228.134 TCP_DENIED/403 3917 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.986 0 104.166.79.203 TCP_DENIED/403 3753 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497725.994 0 67.229.104.133 TCP_DENIED/403 3846 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.028 0 104.166.80.73 TCP_DENIED/403 3907 GET http://anx.batanga.net/tt? - NONE/- text/html
1414497726.031 1 67.229.69.149 TCP_DENIED/403 3877 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.071 0 104.166.74.52 TCP_DENIED/403 3753 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497726.095 0 67.198.139.166 TCP_DENIED/403 3851 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.098 0 104.166.80.155 TCP_DENIED/403 3948 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497726.109 0 67.229.65.36 TCP_DENIED/403 3956 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.134 0 67.229.60.171 TCP_DENIED/403 3859 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.165 0 64.187.157.58 TCP_DENIED/403 3803 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.169 0 67.198.128.133 TCP_DENIED/403 3988 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.176 0 67.198.212.133 TCP_DENIED/403 3812 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.191 0 64.187.156.5 TCP_DENIED/403 3838 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.214 0 67.198.141.93 TCP_DENIED/403 3945 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.238 0 67.229.62.59 TCP_DENIED/403 3762 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.243 0 23.251.35.64 TCP_DENIED/403 3711 GET http://ib.adnxs.com/tt? - NONE/- text/html
1414497726.250 0 67.229.50.77 TCP_DENIED/403 3877 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.284 0 67.229.60.139 TCP_DENIED/403 3964 GET http://anx.batanga.net/ttj? - NONE/- text/html
1414497726.290 0 104.166.70.211 TCP_DENIED/403 3756 GET http://ads.deliads.com/tt? - NONE/- text/html
1414497726.291 0 74.91.25.85 TCP_DENIED/403 3911 GET http://g.adnxs.com/tt? - NONE/- text/html


I'd like to know whether there's a way for the log to show which machine is making these crazy requests...



  


2. Re: About squid and dansguardian. [SOLVED]

Adriano de Oliveira
fronimos

(uses Arch Linux)

Posted on 28/10/2014 - 12:40h

Please post squid's .conf here


3. Re: About squid and dansguardian. [SOLVED]

Profile removed
removed

(uses None)

Posted on 28/10/2014 - 13:23h

http://www.squid-cache.org/Doc/config/logformat/


4. Re: About squid and dansguardian. [SOLVED]

Yehia Azanki Neto
iknaza

(uses Slackware)

Posted on 28/10/2014 - 14:11h

http_port 127.0.0.1:3128 transparent
visible_hostname ikfirewall.br

cache_mem 2048 MB
#cache_mem 200 MB

maximum_object_size_in_memory 8192 KB
memory_replacement_policy lru
memory_pools_limit 1024 MB

no_cache deny all
cache_dir diskd /cache 120000 64 256 Q1=64 Q2=72

minimum_object_size 0 KB

###new
#chunked_request_body_max_size 1024 KB
#log_fqdn off
#log_ip_on_direct on
#client_netmask 255.255.255.0
#forwarded_for truncate
#cache_replacement_policy head LFUDA
#logfile_rotate 10
#memory_pools off
maximum_object_size 50 MB
maximum_object_size_in_memory 50 KB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
#half_closed_clients off
#collapsed_forwarding on

logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat referrer %ts.%03tu %>a %{Referer}>h %ru
logformat useragent %>a [%tl] "%{User-Agent}>h"

cache_swap_low 90
cache_swap_high 95
access_log /log/access.log squid
cache_store_log /log/store.log
cache_log /log/cache.log
pid_filename /log/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 15 20% 4320
refresh_pattern -i (cgi-bin|\?) 0 0% 0

acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https,snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl Safe_ports port 1025-65535 #high ports
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443 563

##ACLS
acl palavrasproibidas url_regex -i "/ikfirewall/palavrasproibidas.txt"
acl sitespermitidos url_regex -i "/ikfirewall/dominiospermitidos.txt"
acl extensoesbloqueadas url_regex -i "/ikfirewall/extensoes.txt"
acl sitesbloqueados url_regex -i "/ikfirewall/dominiosbloqueados.txt"
acl redelocal src 192.168.0.0/24

#request_header_access Content-Length deny all
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl_uses_indirect_client on

##Access control
http_access deny palavrasproibidas all
http_access deny sitesbloqueados all
http_access deny extensoesbloqueadas all
http_access allow sitespermitidos all
http_access allow localhost
http_access allow redelocal
follow_x_forwarded_for allow localhost
http_access deny all
error_directory /usr/share/squid/errors/pt-br
max_filedesc 4096

dns_nameservers 8.8.8.8 8.8.4.4



5. Re: About squid and dansguardian. [SOLVED]

Adriano de Oliveira
fronimos

(uses Arch Linux)

Posted on 28/10/2014 - 15:02h

Please try removing the logformat lines and test, just so I can clear up a doubt...

logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat referrer %ts.%03tu %>a %{Referer}>h %ru
logformat useragent %>a [%tl] "%{User-Agent}>h"


6. Re: About squid and dansguardian. [SOLVED]

Profile removed
removed

(uses None)

Posted on 28/10/2014 - 15:22h

Add:

logformat squid %ts.%03tu %6tr %>a %Ss/%03<Hs %<st %rm %ru %un %Sh/%<A %mt 



7. Re: About squid and dansguardian. [SOLVED]

Yehia Azanki Neto
iknaza

(uses Slackware)

Posted on 29/10/2014 - 11:41h

I solved the problem...

I put this tag in squid: follow_x_forwarded_for allow localhost
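
One way to answer the original question once squid logs the real client address, as an added example that is not part of the thread: a parser for squid's native access.log format that reports which clients exceed a per-second request rate, and flags the case where every request is logged from loopback. The sample lines, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Fields of squid's native access.log format (the "logformat squid" line above):
# time elapsed client result/status bytes method URL user hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<sec>\d+)\.\d{3}\s+-?\d+\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/\d{3}\s+\d+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s*$"
)

def parse_line(line):
    """Return (epoch_second, client, result) or None if the line is malformed."""
    m = LINE_RE.match(line)
    return (int(m["sec"]), m["client"], m["result"]) if m else None

def noisy_clients(lines, threshold):
    """Clients whose busiest one-second bucket holds >= threshold requests,
    as (client, peak) pairs sorted busiest first."""
    per_second = Counter()
    for rec in filter(None, map(parse_line, lines)):
        per_second[(rec[1], rec[0])] += 1
    peaks = {}
    for (client, _sec), count in per_second.items():
        peaks[client] = max(peaks.get(client, 0), count)
    return sorted(((c, n) for c, n in peaks.items() if n >= threshold),
                  key=lambda item: (-item[1], item[0]))

def attribution_lost(lines):
    """True when every parsed request is logged from loopback: squid is then
    recording the local filter in front of it, not the real client."""
    clients = {rec[1] for rec in map(parse_line, lines) if rec}
    return bool(clients) and clients <= {"127.0.0.1", "::1"}

# Constructed sample lines (not taken from the thread's log).
SAMPLE = """\
1414497725.537      0 192.168.0.57 TCP_DENIED/403 3910 GET http://ads.example.com/tt? - NONE/- text/html
1414497725.551      0 192.168.0.57 TCP_DENIED/403 3938 GET http://ads.example.com/tt? - NONE/- text/html
1414497725.572      0 192.168.0.57 TCP_DENIED/403 3854 GET http://ads.example.com/tt? - NONE/- text/html
1414497725.592      0 192.168.0.57 TCP_DENIED/403 3806 GET http://ads.example.com/tt? - NONE/- text/html
1414497725.700    120 192.168.0.12 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1414497726.028      0 192.168.0.57 TCP_DENIED/403 3907 GET http://ads.example.com/tt? - NONE/- text/html
not a log line
""".splitlines()

if __name__ == "__main__":
    print(noisy_clients(SAMPLE, threshold=3))
    print(attribution_lost(SAMPLE))
```

X-Forwarded-For is supplied by whoever connects to the proxy, so the client column is only trustworthy when follow_x_forwarded_for is limited to the filter's own address, as with `allow localhost` in the thread.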





