Посоветуйте, как решить следующую проблему. Настроил связку squid+icap+clamav на шлюзовой машине (192.168.1.4). squid работает прозрачно. Столкнулся с проблемой: на рабочей машине пользователя, у которой шлюзом указан 192.168.1.4 (т. е. машина со сквидом, на которой стоит данная связка), при открытии страницы http://www.mail.ru/ в браузере появляется просто пустая страница с цифрой 2 вверху справа; либо 200, а слева вверху -->; либо вместо некоторых элементов появляется, например, < 200 td colspan=3 width=100% valign=top height=29> . Лишь при обновлении этой страницы n-е кол-во раз она отображается нормально. Если сделать прокси непрозрачным, всё равно та же проблема. Остальные сайты работают нормально. В чём может быть дело?
сам squid.conf
# Squid configuration as posted: an intercepting HTTP proxy for the 192.168.1.0/24
# LAN that passes requests and responses to a local c-icap service (srv_clamav).
# NOTE(review): the httpd_accel_* and icap_class directives suggest Squid 2.5 built
# with the ICAP client patch -- confirm the exact version before changing anything.
http_port 3128
# Requests whose URL path contains "cgi-bin" or "?" go direct and are never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
emulate_httpd_log on
# URL_ALLOW is only used in no_cache below: matching URLs are not cached. Despite the
# name, no http_access rule in this listing refers to it, so it grants no access.
acl URL_ALLOW url_regex "/usr/local/squid/share/squidblock/url_allow.txt"
no_cache deny URL_ALLOW
# "linux" is defined here but not referenced by any rule in this listing.
acl linux src 192.168.1.0/255.255.255.0
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
# The next three lines repeat the hierarchy_stoplist/QUERY/no_cache lines above.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Cache sizing: 90 MB of memory cache, 7500 MB on-disk ufs store, objects up to 50096 KB.
cache_mem 90 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 50096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 800 KB
cache_dir ufs /usr/local/squid/var/cache 7500 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
mime_table /usr/local/squid/etc/mime.conf
# NOTE(review): the next two lines are bare paths with no directive name; they look like
# the tail of lost "auth_param ... program" lines -- verify against the real file.
/usr/local/squid/etc/passwd
/usr/local/squid/etc/digpass
# Basic-auth tuning. No proxy_auth ACL and no "auth_param basic program" line appear in
# this listing, so none of the http_access rules shown actually require authentication.
# NOTE(review): proxy authentication generally cannot be used on intercepted traffic.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# "all" is defined as the LAN only, not 0.0.0.0/0.0.0.0. Every later "allow all"
# (icp_access, icap_access) therefore matches LAN sources only.
acl all src 192.168.1.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Category block/unblock lists: case-insensitive URL regexes loaded from files.
acl squid_block_badlang url_regex -i "/usr/local/squid/share/squidblock/badlang.block.txt"
acl squid_unblock_badlang url_regex -i "/usr/local/squid/share/squidblock/badlang.unblock.txt"
acl squid_block_entertain url_regex -i "/usr/local/squid/share/squidblock/entertain.block.txt"
acl squid_unblock_entertain url_regex -i "/usr/local/squid/share/squidblock/entertain.unblock.txt"
acl squid_block_games url_regex -i "/usr/local/squid/share/squidblock/games.block.txt"
acl squid_unblock_games url_regex -i "/usr/local/squid/share/squidblock/games.unblock.txt"
acl squid_block_pirate url_regex -i "/usr/local/squid/share/squidblock/pirate.block.txt"
acl squid_block_mp3 url_regex -i "/usr/local/squid/share/squidblock/mp3.block.txt"
acl squid_unblock_pirate url_regex -i "/usr/local/squid/share/squidblock/pirate.unblock.txt"
acl squid_block_porn url_regex -i "/usr/local/squid/share/squidblock/porn.block.txt"
acl squid_unblock_porn url_regex -i "/usr/local/squid/share/squidblock/porn.unblock.txt"
# http_access rules are evaluated top to bottom and the first match wins. The category
# denies come first, so they apply to every client, localhost included. Each one denies
# a URL on the block list unless it is also on the unblock list. mp3 has no unblock list.
http_access deny squid_block_badlang !squid_unblock_badlang
http_access deny squid_block_entertain !squid_unblock_entertain
http_access deny squid_block_games !squid_unblock_games
http_access deny squid_block_pirate !squid_unblock_pirate
http_access deny squid_block_mp3
http_access deny squid_block_porn !squid_unblock_porn
# Cache manager only from localhost; refuse non-Safe ports and CONNECT to non-SSL ports.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# The next four lines repeat the four above.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl our_networks src 192.168.1.0/255.255.255.0
# Last http_access rule is an allow, and there is no explicit final deny in this listing.
# NOTE(review): Squid falls back to the opposite of the last rule (deny here); an explicit
# closing deny rule is the customary way to make that intent visible -- confirm and add.
http_access allow our_networks
icp_access allow all
# Interception (transparent) mode in the old httpd_accel_* syntax: the origin server is
# taken from the Host header of the redirected request.
# NOTE(review): the Host header is supplied by the client; check the documentation of
# httpd_accel_uses_host_header for this Squid version regarding that trust.
# NOTE(review): httpd_accel_single_host on next to "httpd_accel_host virtual" looks
# contradictory -- confirm which one is intended.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host on
# ICAP client: previews of 128 bytes are enabled and the client IP is passed to the
# ICAP server.
# NOTE(review): the stray "2"/"200" tokens described in the post resemble chunk-size
# lines leaking into the page body; unverified, but preview and the early-send settings
# of srv_clamav are the visible knobs that change how the body is streamed.
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
# Both vectoring points use the same srv_clamav service on localhost:1344.
# NOTE(review): in the ICAP-patch syntax the field after the vectoring point is
# presumably the bypass flag. If so, respmod (value 1) fails open: responses pass
# unscanned when c-icap is unreachable. Confirm that this is intended.
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_avi service_avi_req
icap_access class_antivirus allow all
# NOTE(review): the two lines below are not complete directives; they look like residue
# of stripped sample comments -- verify against the real file.
no-keep-alive
icap://icap3.mydomain.net:1344/respmod
сам c_icap.conf
# c-icap server configuration as posted: listens on port 1344 and loads the srv_clamav
# service that the Squid configuration above points at.
PidFile /var/run/c-icap.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
# set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600
# Process/thread pool sizing.
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
# No listen address is given in this listing, only the port; the icap_access rules below
# are the only restriction on who may use the service that is visible here.
Port 1344
# The server is configured to run as nobody:nobody.
# NOTE(review): "nobody" is often shared by several daemons; a dedicated account keeps
# the scanner's temporary files separate from theirs.
User nobody
Group nobody
# Temporary directory of the server; presumably objects above MaxMemObject bytes are
# spooled here -- confirm against the c-icap documentation for this version.
TmpDir /usr/clamav
MaxMemObject 200072
ServerLog /usr/local/c_icap/var/log/server.log
AccessLog /usr/local/c_icap/var/log/access.log
ModulesDir /usr/lib
# The sys_logger module is loaded, but the active logger selected below is file_logger.
Module logger sys_logger.so
sys_logger.Prefix "C-ICAP:"
sys_logger.Facility local1
Logger file_logger
# NOTE(review): the next line has no value; it looks like a fragment of a stripped
# sample comment -- verify against the real file.
default_acl.icap_access
# Access control: 127.0.0.1 (the local Squid) is allowed, every other source is denied.
acl localsquid_respmod src 127.0.0.1 type respmod
acl localsquid src 127.0.0.1
acl externalnet src 0.0.0.0/0.0.0.0
icap_access allow localsquid_respmod
icap_access allow localsquid
icap_access deny externalnet
ServicesDir /usr/lib
# Three services are loaded; the Squid configuration in this post only calls srv_clamav.
# NOTE(review): consider not loading services that are unused.
Service echo_module srv_echo.so
Service squard_module srv_sguard.so
Service antivirus_module srv_clamav.so
# File-type groups that srv_clamav scans.
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
# NOTE(review): the next line looks like a leftover from the sample file's comments,
# not a directive.
StartSendPercentDataAfter size
# Early-send settings: presumably once 2M of an object has arrived, up to 5% of the data
# is released to the client before the scan finishes -- confirm the exact semantics.
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M
# NOTE(review): presumably objects larger than 5M are not scanned at all; the Squid
# configuration in this post allows objects up to 50096 KB -- confirm this gap is intended.
srv_clamav.MaxObjectSize 5M
# NOTE(review): ClamAV's scratch files go to the shared /tmp; a dedicated directory
# owned by the service account is the safer choice.
srv_clamav.ClamAvTmpDir /tmp
# Archive limits. NOTE(review): 0 for ClamAvMaxFilesInArchive presumably means "no limit",
# and together with the 100M per-file limit leaves the scanner exposed to very large
# or deeply packed archives -- confirm and consider finite values.
srv_clamav.ClamAvMaxFilesInArchive 0
srv_clamav.ClamAvMaxFileSizeInArchive 100M
srv_clamav.ClamAvMaxRecLevel 5
# Vir* settings (save directory, HTTP server, update time). VirHTTPServer is the
# placeholder "DUMMY" with a trailing period, and VirScanFileTypes has no value.
# NOTE(review): presumably this mode is unused; if /var/infected/ is ever populated,
# keep it readable only by the service account.
srv_clamav.VirSaveDir /var/infected/
srv_clamav.VirHTTPServer "DUMMY".
srv_clamav.VirUpdateTime 15
srv_clamav.VirScanFileTypes
запускаю связку с помощью скрипта
# Start-up script for the gateway: refresh ClamAV signatures, start clamd, c-icap and
# squid, then rebuild the NAT rules. No command's exit status is checked, so a failed
# step (for example a failed cd) does not stop the rest from running.
freshclam
clamd
# c-icap is started before squid so the ICAP service is up when squid first calls it.
cd /usr/local/c_icap/bin
./c-icap
cd /usr/local/squid/sbin
./squid
# NOTE(review): ipt_MASQUERADE is loaded, but the rules below use SNAT, not MASQUERADE.
modprobe ipt_MASQUERADE
# Flushes every rule in the filter, nat and mangle tables. This script adds no filter
# rules afterwards, and -F leaves chain policies as they were.
# NOTE(review): with forwarding enabled below, what may cross the gateway then depends
# entirely on the existing chain policies -- confirm they are not ACCEPT by accident.
iptables -F; iptables -t nat -F; iptables -t mangle -F
# Everything leaving via eth0 is source-NATed to the gateway's public address.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 83.220.162.18
# Disable TCP ECN and enable IPv4 forwarding.
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 1 > /proc/sys/net/ipv4/ip_forward
# Only TCP port 80 arriving on eth1 is redirected to squid on 3128. All other traffic,
# HTTPS on 443 included, is forwarded and NATed without passing through squid or the
# ClamAV scan.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128