Страница 1 из 1

[SOLVED] странное поведение то ли сквида то ли редиректора

Добавлено: Вс мар 09, 2014 13:35
igro
подменяются урлы посещаемых ресурсов:
почему после ссылки добавляется локальный айпи?

squid log:
1394357582.664 278 10.14.0.57 TCP_MISS/404 1830 GET http://www.google.com/10.14.0.57/--GET - HIER_DIRECT/188.43.65.176 text/html
redirector.log пуст

redirector.err:
2014-03-09 19:23:06 [31582] Load 22283 rules from /etc/squid/banlists/porno/urls.cache
2014-03-09 19:23:06 [31582] Load 6 pattern from MP3 pcre
2014-03-09 19:23:06 [31582] Load 1 rules from /etc/squid/banlists/js/urls.cache
2014-03-09 19:23:06 [31582] Redirector start and working (3.2.10)
2014-03-09 19:23:06 [31585] Make-cache finished detected, continue
2014-03-09 19:23:06 [31585] Load 658 rules from /etc/squid/banlists/banners/urls.cache
2014-03-09 19:23:06 [31585] Load 22283 rules from /etc/squid/banlists/porno/urls.cache
2014-03-09 19:23:06 [31585] Load 6 pattern from MP3 pcre
2014-03-09 19:23:06 [31585] Load 1 rules from /etc/squid/banlists/js/urls.cache
2014-03-09 19:23:06 [31585] Redirector start and working (3.2.10)
redirector.conf:
error_log /var/log/rejik/redirector.err
change_log /var/log/rejik/redirector.log
make-cache /usr/sbin/make-cache
#allow_urls /etc/squid/banlists/allow_urls

<BANNER>
ban_dir /etc/squid/banlists/banners
url http://127.0.0.1/1x1.gif
#log off

<PORNO>
ban_dir /etc/squid/banlists/porno
url http://127.0.0.1/porno.html

<MP3>
ban_dir /etc/squid/banlists/mp3
url http://127.0.0.1/mp3.html

<JS>
ban_dir /etc/squid/banlists/js
url http://127.0.0.1/js.js
#log off
Linux 2.6.32-431.5.1.el6.x86_64
Squid Cache: Version 3.4.1
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=session,unix_group,wbinfo_group,file_userip' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'
squid.conf:
acl localnet src 10.14.0.0/24 # RFC1918 possible internal network
acl wirelessnet src 10.14.1.0/24 # RFC1918 possible internal network
acl buhnet src 10.14.2.0/24 # RFC1918 possible internal network
acl vpn_net src 10.14.3.0/24 # RFC1918 possible internal network
acl conference2 src 10.14.0.55
acl conference1 src 10.14.0.36
acl stepmax src 10.14.0.27
acl mikhail_larionov src 10.14.0.61
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 20 # ftp
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1024-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3690-3790 # svn
acl CONNECT method CONNECT
acl blacklist dstdomain '/etc/squid/blacklist.txt'
acl conference_list dstdomain '/etc/squid/conference_list.txt'
acl whitelist dstdomain '/etc/squid/whitelist.txt'
acl froxserver src 10.14.0.1

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access allow conference_list conference1
http_access allow conference_list conference2
http_access allow conference_list mikhail_larionov
http_access allow conference_list stepmax
http_access allow whitelist localnet
http_access deny manager
http_access deny blacklist localnet
http_access deny blacklist wirelessnet
http_access deny blacklist vpn_net
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow wirelessnet
http_access allow buhnet
http_access allow vpn_net
http_access allow localhost
http_access allow froxserver

# And finally deny all other access to this proxy
http_access deny all

# Delay bandwidth speed
#delay_pools 1
#delay_class 1 2
#delay_access 1 allow localnet wirelessnet buhnet
#delay_parameters 1 -1/-1 64000/128000
#delay_parameters 1 -1/-1 -1/-1

# Squid normally listens to port 3128
http_port 10.14.0.1:3129
http_port 10.14.1.1:3129
http_port 10.14.2.1:3129
http_port 10.14.3.1:3129
http_port 10.14.0.1:3128 transparent
http_port 10.14.1.1:3128 transparent
http_port 10.14.2.1:3128 transparent
http_port 10.14.3.1:3128 transparent

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /opt/squid/cache 512 16 256
cache_dir ufs /opt/squid/cache 2048 16 256
access_log /opt/squid/logs/access.log squid
cache_log /opt/squid/logs/cache.log
cache_store_log /opt/squid/logs/store.log
cache_effective_user squid
cache_effective_group squid
#cache_mem 128 MB
cache_mgr admin@localhost
error_directory /usr/share/squid/errors/ru

#REJIK
redirect_program /usr/sbin/redirector /etc/squid/redirector.conf

#HAVP
#cache_peer 127.0.0.1 parent 88 0 no-query default no-digest
#acl Scan_HTTP proto HTTP
#never_direct allow Scan_HTTP
forwarded_for on

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

Re: странное поведение то ли сквида то ли редиректора

Добавлено: Вс мар 09, 2014 18:25
igro
Собрал эту версию http://rejik.ru/download/redirector-3.2 ... id_3.4.tgz
Все работает