RE: [squid-users] Squid3 reverse proxy & Failed to select source strange errors

From: Mike Marchywka <marchywka_at_hotmail.com>
Date: Mon, 23 Nov 2009 09:40:09 -0500

----------------------------------------
> Date: Tue, 24 Nov 2009 02:08:01 +1300
> From: squid3_at_treenet.co.nz
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Squid3 reverse proxy & Failed to select source strange errors
>
> David B. wrote:
>> Hi Squid users,
>>
>> We're using squid3 as a reverse proxy on several boxes and he's working
>> quite well.
>>
>> Squid configuration is quite simple :
>> cache_peer X.X.X.X parent 80 0 no-query originserver no-digest
>> cache_peer Y.Y.Y.Y parent 80 0 no-query originserver no-digest
>>
>> cache_peer_domain X.X.X.X static.myhost1.com
>> cache_peer_domain Y.Y.Y.Y static.myhost2.com
>>
>> So squid deliver static content and ONLY get missing files from backend
>> with cache_peer.
>>
>> But sometimes (several times a day), i got some stange errors from
>> cache.log.
>> It seems that squid is trying to contact servers that are not in
>> cache_peer list with domain name that I should not handle any request !.
>>
>> Exemple :
>> 2009/11/23 08:36:28| Failed to select source for
>> 'http://img43.imageshack.us/img43/416/greysanatomypromotional.jpg'
>> 2009/11/23 08:36:28| always_direct = 0
>> 2009/11/23 08:36:28| never_direct = 0
>> 2009/11/23 08:36:28| timedout = 0
>> [snip]
>> 2009/11/23 11:02:26| Failed to select source for
>> 'http://pagead2.googlesyndication.com/pagead/show_ads.js'
>> 2009/11/23 11:02:26| always_direct = 0
>> 2009/11/23 11:02:26| never_direct = 0
>> 2009/11/23 11:02:26| timedout = 0
>>
>> I'm not imageshack or google. :)
>>
>
> Normal website attacks.
>
> One of the benefits of using Squid is to prevent these resource wasters
> getting near the backend processors. "Failed to select source" is good
> news.
>
> You might also want to occasionally scan the access.log to see if any
> foreign requests do get through (2xx or 3xx status). If any do you have
> a problem, otherwise everything is fine.

I think we had our's up for maybe 1 day before it was discovered.
We just added our own headers for authentication. Not sure this
is always an option but if you can restrict by IP or UA or something
that may be the easiest thing to do.

>
>
> NP: If you see many of these attacks (or a few regularly) and can log
> the sources there are services around for back-tracking and killing off
> the attack sources. I administrate one such and am always seeking
> reliable data sources.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
> Current Beta Squid 3.1.0.14
                                               
_________________________________________________________________
Windows 7: It works the way you want. Learn more.
http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen:112009v2
Received on Mon Nov 23 2009 - 14:40:16 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 23 2009 - 12:00:04 MST