Slow web proxy operation

ssl
squid
webproxy
v7

(Valeriy) #1

NethServer Version: 7.3.1611
Module: squid 3.5.20 10.el7

For about a month the server worked fine. Now there is a problem when the proxy transparent mode is enabled with an SSL page in the browser it takes about 20-25 seconds. If you translate the Web proxy into transparent mode without SSL, then the page in the browser opens quickly, about 2 seconds.
p.s.
No changes were made to the server settings.


(Giacomo Sanchietti) #2

You probably updated to CentOS 7.4, take a look at this:

This is a known upstream issue, but you can install NS workaround:

yum --enablerepo=nethserver-testing update squid

Let us know!


(Valeriy) #3

Last week, NS updates were installed. Is this a problem due to updates? Can I roll back the updates? what does the yum command --enablerepo = nethserver-testing update squid for NS? Does she fix this problem?


(Markus Neuberger) #4

Hello @Valeriy,

Yes, due to upstream updates.

I don’t think so. Only way is a working external backup.

It installs the newest fixes, including squid.

I hope so. Please report, if it helped…


(Giacomo Sanchietti) #5

I just want to add that the issue is present also in CentOS 7.3.

We already have the patched rpms on thousand of installations our customers with NS 7.3. :wink:


(Valeriy) #6

I followed the recommendations. Minutes 15-20 all worked well (web SSL proxy), then again started to work very slowly.


(Giacomo Sanchietti) #7

I guess you’re experiencing other problems, we are using patched squid since a couple of weeks and no problem so far.

Please check your network configuration and test your Internet connection.


(Valeriy) #8

If I use a Web proxy without SSL, then there is no problem. The speed is good.


(Filippo Carletti) #9

Do you have the web antivirus enabled?
If yes, could you try to disable it?
Do you see errors in /var/log/squid/cache.log?


(Valeriy) #10

Yes, the antivirus was turned on. Now I have disabled the antivirus. When the antivirus is disabled, the speed is normal. Thank you.


(Filippo Carletti) #11

Could you please search for errors in /var/log/squid/cache.log? I’d like to find the problem in the antivirus and fix it.


(Valeriy) #12

No, I was wrong. The speed check was on the computer that was in the exceptions Hosts without a proxy. The problem is actual when you select Transparent or Transparent with SSL pages open with a delay of 15 seconds

[details=Summary]2017/09/20 08:51:28 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58900 FD 1804 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:28 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:28 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58903 FD 1835 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:28 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:28 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58902 FD 1618 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:28 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:28 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58901 FD 172 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:28 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:40 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58913 FD 1751 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:40 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:40 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58914 FD 1756 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:40 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:40 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58915 FD 1820 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:40 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:49 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58927 FD 487 flags=33 (local IP does not match any domain IP)
2017/09/20 08:51:49 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:51:52 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 08:51:52 kid1| js-ks.kidstaff.net:443
2017/09/20 08:52:01 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:58929 FD 194 flags=33 (local IP does not match any domain IP)
2017/09/20 08:52:01 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59035 FD 76 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59042 FD 1127 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59041 FD 442 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59040 FD 163 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59039 FD 396 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59038 FD 293 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59037 FD 242 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 08:57:00 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59036 FD 228 flags=33 (local IP does not match any domain IP)
2017/09/20 08:57:00 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:00:38 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59084 FD 563 flags=33 (local IP does not match any domain IP)
2017/09/20 09:00:38 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:02:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59167 FD 77 flags=33 (local IP does not match any domain IP)
2017/09/20 09:02:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:02:24 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59168 FD 86 flags=33 (local IP does not match any domain IP)
2017/09/20 09:02:24 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:02:37 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59169 FD 277 flags=33 (local IP does not match any domain IP)
2017/09/20 09:02:37 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:03:03 kid1| SECURITY ALERT: Host header forgery detected on local=212.42.75.249:443 remote=192.168.15.89:49894 FD 1227 flags=33 (local IP does not match any domain IP)
2017/09/20 09:03:03 kid1| SECURITY ALERT: on URL: mail.ukr.net:443
2017/09/20 09:03:47 kid1| SECURITY ALERT: Host header forgery detected on local=212.42.75.249:443 remote=192.168.15.89:49918 FD 597 flags=33 (local IP does not match any domain IP)
2017/09/20 09:03:47 kid1| SECURITY ALERT: on URL: mail.ukr.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59235 FD 1469 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59512 FD 1269 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59511 FD 1266 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59510 FD 283 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59509 FD 795 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:13 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59508 FD 644 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:13 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59514 FD 1083 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59515 FD 1480 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:16 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59516 FD 378 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:16 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:17 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59517 FD 1487 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:17 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59518 FD 337 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59519 FD 1603 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:21 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59520 FD 393 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:21 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:21 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59521 FD 1183 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:21 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:23 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59522 FD 1111 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:23 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:26 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59525 FD 1588 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:26 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:27 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59526 FD 1731 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:27 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:28 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59527 FD 1471 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:28 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:31 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59528 FD 1295 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:31 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:31 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59529 FD 1748 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:31 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:34 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59530 FD 1355 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:34 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:35 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59531 FD 1208 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:35 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:35 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59532 FD 1309 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:35 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:08:36 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59533 FD 146 flags=33 (local IP does not match any domain IP)
2017/09/20 09:08:36 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:09:38 kid1| SECURITY ALERT: Host header forgery detected on local=52.31.204.225:443 remote=192.168.15.59:60404 FD 100 flags=33 (local IP does not match any domain IP)
2017/09/20 09:09:38 kid1| SECURITY ALERT: on URL: ismatlab.com:443
2017/09/20 09:09:38 kid1| SECURITY ALERT: Host header forgery detected on local=52.31.204.225:443 remote=192.168.15.59:60489 FD 1819 flags=33 (local IP does not match any domain IP)
2017/09/20 09:09:38 kid1| SECURITY ALERT: on URL: ismatlab.com:443
2017/09/20 09:09:38 kid1| SECURITY ALERT: Host header forgery detected on local=52.31.204.225:443 remote=192.168.15.59:60488 FD 1816 flags=33 (local IP does not match any domain IP)
2017/09/20 09:09:38 kid1| SECURITY ALERT: on URL: ismatlab.com:443
2017/09/20 09:09:38 kid1| SECURITY ALERT: Host header forgery detected on local=52.31.204.225:443 remote=192.168.15.59:60487 FD 1722 flags=33 (local IP does not match any domain IP)
2017/09/20 09:09:38 kid1| SECURITY ALERT: on URL: ismatlab.com:443
2017/09/20 09:09:38 kid1| SECURITY ALERT: Host header forgery detected on local=52.31.204.225:443 remote=192.168.15.59:60486 FD 1425 flags=33 (local IP does not match any domain IP)
2017/09/20 09:09:38 kid1| SECURITY ALERT: on URL: ismatlab.com:443
2017/09/20 09:13:48 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59705 FD 427 flags=33 (local IP does not match any domain IP)
2017/09/20 09:13:48 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:06 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59728 FD 1375 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:06 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:09 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59729 FD 372 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:09 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59731 FD 101 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59732 FD 110 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:15 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59733 FD 138 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:15 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:16 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59734 FD 1620 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:16 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:17 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59735 FD 1057 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:17 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:18 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59736 FD 128 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:18 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:18 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59737 FD 730 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:18 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59738 FD 545 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59739 FD 554 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59741 FD 671 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59742 FD 715 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59743 FD 868 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59740 FD 662 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:19 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59744 FD 1028 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:19 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:20 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59745 FD 618 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:20 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:14:38 kid1| SECURITY ALERT: Host header forgery detected on local=185.137.17.58:443 remote=192.168.15.14:59746 FD 155 flags=33 (local IP does not match any domain IP)
2017/09/20 09:14:38 kid1| SECURITY ALERT: on URL: default0.opera-proxy.net:443
2017/09/20 09:17:19 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:19 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:19 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:19 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:19 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:19 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:19 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:19 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:19 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:19 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:42 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:42 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:42 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:42 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:42 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:42 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:46 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:46 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:47 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:47 kid1| default0.opera-proxy.net:443
2017/09/20 09:17:50 kid1| WARNING: Closing client connection due to lifetime timeout
2017/09/20 09:17:50 kid1| default0.opera-proxy.net:443
2017/09/20 09:18:44| Set Current Directory to /var/spool/squid
2017/09/20 09:18:44 kid1| Preparing for shutdown after 585716 requests
2017/09/20 09:18:44 kid1| Waiting 1 seconds for active connections to finish
2017/09/20 09:18:44 kid1| Closing HTTP port [::]:3128
2017/09/20 09:18:44 kid1| Closing HTTP port [::]:3129
2017/09/20 09:18:44 kid1| Closing HTTPS port [::]:3130
2017/09/20 09:18:44 kid1| Set Current Directory to /var/spool/squid
2017/09/20 09:18:44 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu…
2017/09/20 09:18:44 kid1| Service Name: squid
2017/09/20 09:18:44 kid1| Process ID 14410
2017/09/20 09:18:44 kid1| Process Roles: worker
2017/09/20 09:18:44 kid1| With 16384 file descriptors available
2017/09/20 09:18:44 kid1| Initializing IP Cache…
2017/09/20 09:18:44 kid1| DNS Socket created at [::], FD 6
2017/09/20 09:18:44 kid1| DNS Socket created at 0.0.0.0, FD 8
2017/09/20 09:18:44 kid1| Adding domain serv.local from /etc/resolv.conf
2017/09/20 09:18:44 kid1| Adding domain serv.local from /etc/resolv.conf
2017/09/20 09:18:44 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2017/09/20 09:18:44 kid1| helperOpenServers: Starting 5/20 ‘ufdbgclient’ processes
2017/09/20 09:18:44 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2017/09/20 09:18:44 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2017/09/20 09:18:44 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2017/09/20 09:18:44 kid1| Store logging disabled
2017/09/20 09:18:44 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2017/09/20 09:18:44 kid1| Target number of buckets: 1008
2017/09/20 09:18:44 kid1| Using 8192 Store buckets
2017/09/20 09:18:44 kid1| Max Mem size: 262144 KB
2017/09/20 09:18:44 kid1| Max Swap size: 0 KB
2017/09/20 09:18:44 kid1| Using Least Load store dir selection
2017/09/20 09:18:44 kid1| Set Current Directory to /var/spool/squid
2017/09/20 09:18:44 kid1| Finished loading MIME types and icons.
2017/09/20 09:18:44 kid1| HTCP Disabled.
2017/09/20 09:18:44 kid1| Squid plugin modules loaded: 0
2017/09/20 09:18:44 kid1| Adaptation support is off.
2017/09/20 09:18:44 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
2017/09/20 09:18:44 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3129 remote=[::] FD 22 flags=41
2017/09/20 09:18:45 kid1| storeLateRelease: released 0 objects
2017/09/20 09:18:54 kid1| Starting new redirector helpers…
2017/09/20 09:18:54 kid1| helperOpenServers: Starting 5/20 ‘ufdbgclient’ processes
2017/09/20 09:19:23| Set Current Directory to /var/spool/squid
2017/09/20 09:19:23 kid1| Preparing for shutdown after 145 requests
2017/09/20 09:19:23 kid1| Waiting 1 seconds for active connections to finish
2017/09/20 09:19:23 kid1| Closing HTTP port [::]:3128
2017/09/20 09:19:23 kid1| Closing HTTP port [::]:3129[/details]


(Filippo Carletti) #13

Can you please post the output of rpm -qi squid ?


(Valeriy) #14

[details=Summary][root@neth ~]# rpm -qi squid
Name : squid
Epoch : 7
Version : 3.5.20
Release : 999.ns7
Architecture: x86_64
Install Date: Mon 18 Sep 2017 11:57:24 AM EEST
Group : System Environment/Daemons
Size : 10845675
License : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Signature : RSA/SHA1, Thu 14 Sep 2017 02:54:12 PM EEST, Key ID 9cb28ea039baf5c 1
Source RPM : squid-3.5.20-999.ns7.src.rpm
Build Date : Thu 14 Sep 2017 01:47:29 PM EEST
Build Host : e1fda7e10dd0473fb125ac97ecd0cb2a
Relocations : (not relocatable)
Vendor : NethServer
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
[/details]


(Valeriy) #15

The problem is urgent. When transparent proxy is enabled with SSL, pages are opened with a delay of 20-25 seconds.


(Marc) #16

Does it happen when using other than Opera web browser?


(Michael Träumner) #17

Please have a look at the following link at post 6:

Squid suddenly stops

Perhaps it could be a solution for you too.


(Michael Träumner) #18

@Valeriy Coul’d you solve your problem?


(Federico Ballarini) #19

I have solve use this…


(Michael Träumner) #20

Thanks for feedback.
Please mark your answer as solution.