On 28.03.2012 13:52, Spam Eater wrote:
> Hi,
>
> I am using squid as a transparent proxy, with the purpose of caching
> local content so I can save bandwidth and accellerate frequently used
> pages.
> My problem is that squid is permanently fetching content from the
> internet, and I don't know why.
> I have deleted, then recreated the cache dir with -z several times,
> but I always see traffic from squid with tcpdump.
> This is puzzling me. It seems to crawl to the most weird sites. I
> thought squid would only go to the internet after a user requests a
> page, but I have nobody connected to the server.
> I initially found it weird that the CPU was always working for squid
> (5%~10%) with no one connected, then I found this.
> Can someone please shed a light on the subject? I have researched the
> faq and wiki, but I might be looking with the wrong keywords... I
> found nothing on this matter.
Check your manager access "mgr:active_requests" report to see what
clients are connected and requesting things.
It could be quick_abort functionality completing a previous clients
requests in order to cache the response.
Or it could be a client is active doing a long request which is simply
not yet logged (happens on request completion, not start).
Or it could be an attacker got past your security controls and
relaying through the proxy.
Amos
Received on Wed Mar 28 2012 - 03:22:19 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 28 2012 - 12:00:04 MDT