Доброго времени суток!
Столкнулся с такой проблемой, незнаю куда рыть. В общем ситуация такова.
Стоит ОСЬ Linux proxy.sams 2.6.39-200.24.1.el6uek.x86_64 #1 SMP Sat Jun 23 02:39:07 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
На ней стоит squid 3.1.10 в сборке
Squid Cache: Version 3.1.10
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-internal-dns' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth' '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' '--enable-digest-auth-helpers=password,ldap,eDirectory' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10+ стоит sams2, и все отлично работает =) Но появился костыль когда я решил смотреть в реальном времени статистику кальмара. Поставил я sqstat 1.20 и вот тут началось самое интересное:
Конфиг сквида:::
[root@proxy bin]# cat /etc/squid/squid.conf
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
# Defining an Access List
#Recommended minimum configuration:
acl Sams2Time1 time MTWHFAS 00:00-23:59
acl Sams2Template9 src *.*.*.*
acl Sams2Template9 src *.*.*.*
******************
acl Sams2Template16 src *.*.*.*
acl manager proto cache_object
acl sqstat src 10.10.53.5/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
acl Safe_ports port 7777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow Sams2Template9
http_access allow manager
http_access allow sqstat
http_access deny manager
cachemgr_passwd pass all
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access deny all
# TAG: icp_access
icp_access allow all
# TAG: follow_x_forwarded_for
follow_x_forwarded_for deny all
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# TAG: http_port
http_port 3128
hierarchy_stoplist cgi-bin ?
# TAG: cache_log
cache_log /var/log/squid/cache.log
# TAG: cache_store_log
cache_store_log /var/log/squid/store.log
#--------------------------------------------------------------
#TAG: refresh_pattern
#usage: refresh_pattern [-i] regex min percent max [options]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# TAG: url_rewrite_program
url_rewrite_program /usr/local/bin/sams2redir
via off
forwarded_for delete Кoнфиг sams2:
; Database name
SAMS_DB=sams2db;
ODBC=0
PDO=0
; Source as defined in odbc.ini
; This parameter is not neccesary for engine other than unixODBC
ODBCSOURCE=sams_mysql
; Username for database connection
DB_USER=****
; Password for database connection
DB_PASSWORD=********
SQUIDCACHEFILE=access.log
SQUIDROOTDIR=/etc/squid
SQUIDLOGDIR=/var/log/squid
SQUIDCACHEDIR=/usr/local/apache2
WBINFOPATH=/usr/local
SAMSPATH=/usr/local
SQUIDPATH=/usr/sbin
SQUIDGUARDLOGPATH=/var/log
SQUIDGUARDDBPATH=/var/db/squidguard
RECODECOMMAND=iconv -f KOI8-R -t 866 %finp > %fout
REJIKPATH=/usr/local/rejik3
SHUTDOWNCOMMAND=shutdown -h now
; Proxy id
; Identificator of proxy, starting from 1
CACHENUM=1Конфиг sqstat 1.20
[root@proxy bin]# cat /var/www/html/sqstat/config.inc.php
<?php
/* global settings */
$use_js=true; // use javascript for the HTML toolkits
// Maximum URL length to display in URI table column
DEFINE("SQSTAT_SHOWLEN",60);
/* proxy settings */
/* Squid proxy server ip address or host name */
$squidhost[0]="10.10.40.5";
/* Squid proxy server port */
$squidport[0]=3128;
/* cachemgr_passwd in squid.conf. Leave blank to disable authorisation */
$cachemgr_passwd[0]="pass";
/* Resolve user IP addresses or print them as numbers only [true|false] */
$resolveip[0]=true;
/* uncomment next line if you want to use hosts-like file.
See hosts.txt.dist. */
$hosts_file[0]="hosts.txt";
/* Group users by hostname - "host" or by User - "username". Username work only
with squid 2.6+ */
$group_by[0]="host";
?> И вот теперь такая ситуация: Я в конфиге сквида коментирую строчку
#TAG: url_rewrite_program
#url_rewrite_program /usr/local/bin/sams2redir
acl sqstat src 127.0.0.1/32Когда строка конфига сквида раскоментированна
#TAG: url_rewrite_program
url_rewrite_program /usr/local/bin/sams2redir SqStat error
Error (1): Cannot get data. Server answered: HTTP/1.0 500 Internal Server Error10.10.40.5 - cachemgr [16/Sep/2016:11:31:35 +0600] "GET /sams2/blocked.php/blocked.php?action=usernotfound&id=127.0.0.1 HTTP/1.1" 500 212 "-" "-"
10.10.112.112 - - [16/Sep/2016:11:31:35 +0600] "GET /sqstat/ HTTP/1.1" 200 413 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"
10.10.112.112 - - [16/Sep/2016:11:31:35 +0600] "GET /sqstat/sqstat.css HTTP/1.1" 304 - "http://10.10.53.5/sqstat/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"
Если я допустим в конфигах в место 127.0.0.1 ставлю значение 10.10.53.5 то получаю ошибку
"
SqStat error
Error (110): Connection timed out
"
в логах я вижу
10.10.112.112 - - [16/Sep/2016:11:36:16 +0600] "GET /sqstat/ HTTP/1.1" 200 367 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"
10.10.112.112 - - [16/Sep/2016:11:36:26 +0600] "GET /sqstat/sqstat.css HTTP/1.1" 304 - "http://10.10.53.5/sqstat/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"
