SquidNT + rejik(режик поднимается но ничего не блокирует)

[Андрей]

здравствуйте.
сначала была проблема которая здесь как я потом нашел уже поднималась.
при запуске сквида из под командной строки режик поднимался а при запуске сквида как службы нет.
в логе режика следующее
[3876] MAKE-CACHE: ERROR: fcntl return error: Bad file descriptor
2008-03-24 15:20:38 [2616] MAKE-CACHE: ERROR: fcntl return error: Bad file descriptor
2008-03-24 15:20:38 [2032] MAKE-CACHE: ERROR: Can't open file c:/squid/etc/banlists/banners/lock.file: Permission denied

2008-03-24 15:20:38 [3292] MAKE-CACHE: ERROR: Can't open file c:/squid/etc/banlists/banners/lock.file: Permission denied

проблема была решена путем добавления прав lock.file "на все" и для всех.

теперь режик поднимается в обоих случаях, но однако в обоих случаях ничего не блокирует.

conf squid'a :

url_rewrite_program c:/squid/sbin/redirector.exe c:/squid/etc/redirector.conf
url_rewrite_children 5

log rejik'a:

2008-04-01 15:52:58 [5672] Run make-cache
2008-04-01 15:52:58 [5672] Make-cache finished
2008-04-01 15:52:58 [5672] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-01 15:52:58 [5672] Load 8 pattern from BANNER pcre
2008-04-01 15:52:58 [5672] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-01 15:52:58 [5672] Load 5 pattern from MP3 pcre
2008-04-01 15:52:58 [5672] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-01 15:52:58 [5672] Redirector start and working
2008-04-01 15:52:58 [5948] Run make-cache
2008-04-01 15:52:58 [5948] Make-cache finished
2008-04-01 15:52:58 [5948] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-01 15:52:58 [5948] Load 8 pattern from BANNER pcre
2008-04-01 15:52:58 [4200] Run make-cache
2008-04-01 15:52:58 [5948] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-01 15:52:58 [5948] Load 5 pattern from MP3 pcre
2008-04-01 15:52:58 [5948] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-01 15:52:58 [5948] Redirector start and working
2008-04-01 15:52:58 [5128] Waiting for make-cache finished
2008-04-01 15:52:58 [4200] Make-cache finished
2008-04-01 15:52:58 [5128] Make-cache finished detected, continue
2008-04-01 15:52:58 [5128] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-01 15:52:58 [5128] Load 8 pattern from BANNER pcre
2008-04-01 15:52:58 [1664] Run make-cache
2008-04-01 15:52:58 [5128] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-01 15:52:58 [5128] Load 5 pattern from MP3 pcre
2008-04-01 15:52:58 [5128] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-01 15:52:58 [5128] Redirector start and working
2008-04-01 15:52:58 [1664] Make-cache finished
2008-04-01 15:52:58 [1664] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-01 15:52:58 [1664] Load 8 pattern from BANNER pcre
2008-04-01 15:52:58 [1664] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-01 15:52:58 [1664] Load 5 pattern from MP3 pcre
2008-04-01 15:52:58 [1664] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-01 15:52:58 [1664] Redirector start and working

помогите пожалуйста чем могите заставить его работать.
спасибо.

[Slava]

1. Удалите логи режика.
2. Добавьте правило rejiktest.ru в один из листов (добавляйте фаром, концы строк должны быть юниксовые.
3. Запустите redirector, введите:
http://sex.ru 127.0.0.1/- - GET
нажмите enter
4. Пришлите логи и конфиг режика

[Андрей]

логи -
2008-04-03 15:52:01 [5392] Run make-cache
2008-04-03 15:52:01 [5392] Make-cache finished
2008-04-03 15:52:01 [5392] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-03 15:52:01 [5392] Load 8 pattern from BANNER pcre
2008-04-03 15:52:01 [5392] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-03 15:52:01 [5392] Load 5 pattern from MP3 pcre
2008-04-03 15:52:01 [5392] Load 2 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-03 15:52:01 [5392] Redirector start and working
2008-04-03 15:52:22 [5392] Error convert input string to input structure str=http://sex.ru 127.0.0.1/--GET

конфиг -
error_log c:/squid/var/logs/redirector.err
change_log c:/squid/var/logs/redirector.log
make-cache c:/squid/sbin/make-cache
allow_urls c:/squid/etc/allow_urls

work_ip 10.0.0.0/255.255.255.0

<BANNER>
ban_dir c:/squid/etc/banlists/banners
url http://127.0.0.1/ban//1x1.gif


<PORNO>
ban_dir c:/squid/etc/banlists/porno
url http://127.0.0.1/ban/porno.html


<MP3>
ban_dir c:/squid/etc/banlists/mp3
url http://127.0.0.1/ban/mp3.html


<JS>
ban_dir c:/squid/etc/banlists/js
url http://127.0.0.1/ban/js.js

[Slava]

А если подключить к свиду, что пишет в логи режика?
Покажите строчку из лога сквида, где видно, что вот это должно было блокироваться.
И почему это должно было блокироваться: такая-то секция, содержит такое-то правило итд.

[Андрей]

1205763135.890 65922 127.0.0.1 TCP_MISS/502 1287 GET http://www.localhost.com/ban/porno.html another DIRECT/10.11.12.13 text/html

вот это было в логе сквида когда режик редиректил
а щас -
1207301287.031 1188 127.0.0.1 TCP_REFRESH_HIT/304 332 GET http://porno.ru/ sonic DIRECT/194.87.11.112 -
1207301287.687 656 127.0.0.1 TCP_REFRESH_HIT/304 331 GET http://porno.ru/style.css sonic DIRECT/194.87.11.112 -
1207301287.796 15 127.0.0.1 TCP_IMS_HIT/304 377 GET http://porno.ru/js/talker.js sonic NONE/- application/x-javascript

[Андрей]

а у редиректора лог вообще пустой

[Андрей]

соответственно когда режик работал то в его логе были записи - 2008-03-13 14:32:58 PORNO: 127.0.0.1 onemore http://porno.ru/ (urls rule: porno.ru)
2008-03-13 14:33:09 PORNO: 127.0.0.1 onemore http://porno.com/ (urls rule: porno.com)
2008-03-13 14:33:10 PORNO: 127.0.0.1 onemore http://porno.com/favicon.ico (urls rule: porno.com)
2008-03-13 14:33:10 PORNO: 127.0.0.1 onemore http://porno.com/favicon.ico (urls rule: porno.com)

[Slava]

Подключите режик, покажите, что в логах режика и cachelog сквида

[Андрей]

cachelog -
2008/04/04 16:28:54| storeDirWriteCleanLogs: Starting...
2008/04/04 16:28:54| WARNING: Closing open FD 53
2008/04/04 16:28:54| Finished. Wrote 7516 entries.
2008/04/04 16:28:54| Took 0.1 seconds (68954.1 entries/sec).
2008/04/04 16:29:55| Starting Squid Cache version 2.6.STABLE18 for i686-pc-winnt...
2008/04/04 16:29:55| Running as Squid25_1 Windows System Service on Windows XP
2008/04/04 16:29:55| Service command line is:
2008/04/04 16:29:55| Process ID 5360
2008/04/04 16:29:55| With 2048 file descriptors available
2008/04/04 16:29:55| With 2048 CRT stdio descriptors available
2008/04/04 16:29:55| Windows sockets initialized
2008/04/04 16:29:55| Using select for the IO loop
2008/04/04 16:29:55| Performing DNS Tests...
2008/04/04 16:29:55| Successful DNS name lookup tests...
2008/04/04 16:29:55| DNS Socket created at 0.0.0.0, port 9544, FD 5
2008/04/04 16:29:55| Adding nameserver 192.168.10.50 from Registry
2008/04/04 16:29:55| helperOpenServers: Starting 5 'redirector.exe' processes
2008/04/04 16:29:56| helperOpenServers: Starting 5 'ncsa_auth.exe' processes
2008/04/04 16:29:56| User-Agent logging is disabled.
2008/04/04 16:29:56| Referer logging is disabled.
2008/04/04 16:29:56| Unlinkd pipe opened on FD 48
2008/04/04 16:29:56| Swap maxSize 102400 KB, estimated 11377 objects
2008/04/04 16:29:56| Target number of buckets: 568
2008/04/04 16:29:56| Using 8192 Store buckets
2008/04/04 16:29:56| Max Mem size: 65536 KB
2008/04/04 16:29:56| Max Swap size: 102400 KB
2008/04/04 16:29:56| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/04/04 16:29:56| Store logging disabled
2008/04/04 16:29:56| Rebuilding storage in c:/squid/var/cache (CLEAN)
2008/04/04 16:29:56| Using Least Load store dir selection
2008/04/04 16:29:56| Set Current Directory to c:/squid/var/cache
2008/04/04 16:29:56| Loaded Icons.
2008/04/04 16:29:56| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 53.
2008/04/04 16:29:56| Accepting ICP messages at 0.0.0.0, port 3130, FD 54.
2008/04/04 16:29:56| Accepting HTCP messages on port 4827, FD 55.
2008/04/04 16:29:56| Ready to serve requests.
2008/04/04 16:29:56| helperHandleRead: unexpected read from url_rewriter #4, 85 bytes 'ERROR: Can't write to file c:/squid/var/logs/redirector.err: Device or resource busy
'
2008/04/04 16:29:57| Store rebuilding is 54.5% complete
2008/04/04 16:29:57| Done reading c:/squid/var/cache swaplog (7516 entries)
2008/04/04 16:29:57| Finished rebuilding storage from disk.
2008/04/04 16:29:57| 7516 Entries scanned
2008/04/04 16:29:57| 0 Invalid entries.
2008/04/04 16:29:57| 0 With invalid flags.
2008/04/04 16:29:57| 7516 Objects loaded.
2008/04/04 16:29:57| 0 Objects expired.
2008/04/04 16:29:57| 0 Objects cancelled.
2008/04/04 16:29:57| 0 Duplicate URLs purged.
2008/04/04 16:29:57| 0 Swapfile clashes avoided.
2008/04/04 16:29:57| Took 0.9 seconds (8151.8 objects/sec).
2008/04/04 16:29:57| Beginning Validation Procedure
2008/04/04 16:29:57| Completed Validation Procedure
2008/04/04 16:29:57| Validated 7516 Entries
2008/04/04 16:29:57| store_swap_size = 92156k
2008/04/04 16:29:57| storeLateRelease: released 0 objects


rezhik - redirector.log - пустой
redirector.err
2008-04-04 15:11:45 [348] Redirector start and working
2008-04-04 16:29:56 [4424] MAKE-CACHE: ERROR: Can't open file c:/squid/etc/banlists/banners/lock.file: Device or resource busy

2008-04-04 16:29:56 [2212] Waiting for make-cache finished
2008-04-04 16:29:56 [4020] Waiting for mak2008-04-04 16:29:56 [5708] Waiting for make-cache finished
2008-04-04 16:29:56 [4688] Make-cache finished
2008-04-04 16:29:56 [2212] Make-cache finished detected, continue
2008-04-04 16:29:56 [4688] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-04 16:29:56 [4020] Make-cache finished detected, continue
2008-04-04 16:29:56 [4688] Load 8 pattern from BANNER pcre
2008-04-04 16:29:56 [5708] Make-cache finished detected, continue
2008-04-04 16:29:56 [2212] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-04 16:29:56 [4020] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-04 16:29:56 [2212] Load 8 pattern from BANNER pcre
2008-04-04 16:29:56 [4020] Load 8 pattern from BANNER pcre
2008-04-04 16:29:56 [5708] Load 658 rules from c:/squid/etc/banlists/banners/urls.cache
2008-04-04 16:29:56 [5708] Load 8 pattern from BANNER pcre
2008-04-04 16:29:56 [2212] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-04 16:29:56 [4688] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-04 16:29:56 [5708] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-04 16:29:56 [4020] Load 22283 rules from c:/squid/etc/banlists/porno/urls.cache
2008-04-04 16:29:56 [4020] Load 5 pattern from MP3 pcre
2008-04-04 16:29:56 [2212] Load 5 pattern from MP3 pcre
2008-04-04 16:29:56 [4688] Load 5 pattern from MP3 pcre
c/banlists/js/urls.cache
2008-04-04 16:29:56 [4020] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-04 16:29:56 [5708] Load 5 pattern from MP3 pcre
2008-04-04 16:29:56 [4688] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-04 16:29:56 [5708] Load 1 rules from c:/squid/etc/banlists/js/urls.cache
2008-04-04 16:29:56 [4688] Redirector start and working
2008-04-04 16:29:56 [4020] Redirector start and working
2008-04-04 16:29:56 [5708] Redirector start and working

[Slava]

2008/04/04 16:29:56| helperHandleRead: unexpected read from url_rewriter #4, 85 bytes 'ERROR: Can't write to file c:/squid/var/logs/redirector.err: Device or resource busy

2008-04-04 15:11:45 [348] Redirector start and working
2008-04-04 16:29:56 [4424] MAKE-CACHE: ERROR: Can't open file c:/squid/etc/banlists/banners/lock.file: Device or resource busy

Одна странность, возможно не критичная.

В приведенных логах сквида конесты идут с 127.0.0.1 в то же время, режик сконфигурен блокировать только для 10-й сетки:
work_ip 10.0.0.0/255.255.255.0

Попробуйте зайти с адреса из этой сетки на запрещенный урл и покажите логи по этот заход (сквида и режика).

[Андрей]

переписал я work_ip 10.0.0.0/255.255.255.0 на
work_ip 0.0.0.0/255.255.255.255
ниче не изменилось
и кстати есть еще одна странность - в сквиде задано чтобы подымалось 5 процессов режика - а подымается только 4..иногда всего 3

[Slava]

Покажите логи сквида и режика при заходе на запрещенный урл