Darren Spruell wrote:
[...]
> It seems that every hour when we reload the cache, that error conditions
> occur on this second proxy. Here are entries from cache.log during one
> such occurance:
>
> 2004/04/10 13:01:01| Restarting Squid Cache (version 2.5.STABLE4)...
> 2004/04/10 13:01:01| FD 31 Closing HTTP connection
> 2004/04/10 13:01:01| FD 32 Closing ICP connection
> 2004/04/10 13:01:01| FD 38 Closing SNMP socket
> 2004/04/10 13:01:01| Closing unlinkd pipe on FD 33
> 2004/04/10 13:01:01| User-Agent logging is disabled.
> 2004/04/10 13:01:01| Referer logging is disabled.
> 2004/04/10 13:01:01| DNS Socket created at 0.0.0.0, port 32854, FD 6
> 2004/04/10 13:01:01| Adding nameserver 127.0.0.1 from /etc/resolv.conf
> 2004/04/10 13:01:01| Adding nameserver 10.5.1.11 from /etc/resolv.conf
> 2004/04/10 13:01:01| helperOpenServers: Starting 20 'squidGuard' processes
> 2004/04/10 13:01:01| Unlinkd pipe opened on FD 33
> 2004/04/10 13:01:01| Accepting HTTP connections at 0.0.0.0, port 8080,
> FD 31.
> 2004/04/10 13:01:01| Accepting ICP messages at 0.0.0.0, port 3130, FD 32.
> 2004/04/10 13:01:01| HTCP Disabled.
> 2004/04/10 13:01:01| Accepting SNMP messages on port 3401, FD 38.
> 2004/04/10 13:01:01| WCCP Disabled.
> 2004/04/10 13:01:01| Configuring Sibling 10.5.1.11/8080/3130
> 2004/04/10 13:01:01| Loaded Icons.
> 2004/04/10 13:01:01| Ready to serve requests.
> 2004/04/10 13:01:18| Failure Ratio at 1.01
> 2004/04/10 13:01:18| Going into hit-only-mode for 5 minutes...
> [...]


I read in the FAQ that this indicates that the ratio of errors to
successes is out of control and to search for ERR_* conditions in the
access.log while this occurs. However, I don't see any ERR_* entries in
the access.log. I do see lots of successful pages accessed (TCP_MISS,
TCP_HIT, etc.)

>
> As this is happening, the users on this proxy begin to see pages
> suddenly redirected to the whitelist error page - the one they are
> redirected to when the site they are requesting is not on the whitelist.
> This starts to appear for *any* page they visit, even the allowed sites.

[...]

Here are the enabled lines from squid.conf, in case it helps:

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
redirect_program /usr/bin/squidGuard
redirect_children 20
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl allports port 1-65535
acl local src 10.5.0.0/255.255.0.0
acl msn dst 64.4.13.170-64.4.13.189
acl novell src 10.5.53.0/255.255.255.0
acl snmppublic snmp_community public
acl squid2 src 10.5.1.12/255.255.255.255
http_access allow manager localhost
http_access allow manager squid2
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_access allow novell CONNECT allports
http_access allow novell all
http_access allow novell allports
http_access deny msn
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
append_domain .sento.com
icp_hit_stale on
snmp_access allow snmppublic local
snmp_port 3401
coredump_dir /var/cache/squid

--
Darren Spruell