Errors and alerts detected in the cache.log file of the Squid service...

Post by tikok974 » August 28th, 2019, 10:47 am

Hi everybody,

I noticed strange alerts in Squid's cache.log file (see below):

Code:

...
...
2019/08/26 01:26:01 kid1| Store rebuilding is 13.03% complete
2019/08/26 01:26:01 kid1| Done reading /var/log/cache swaplog (30694 entries)
2019/08/26 01:26:01 kid1| Finished rebuilding storage from disk.
2019/08/26 01:26:01 kid1|     30694 Entries scanned
2019/08/26 01:26:01 kid1|         0 Invalid entries.
2019/08/26 01:26:01 kid1|         0 With invalid flags.
2019/08/26 01:26:01 kid1|     30694 Objects loaded.
2019/08/26 01:26:01 kid1|         0 Objects expired.
2019/08/26 01:26:01 kid1|         0 Objects cancelled.
2019/08/26 01:26:01 kid1|         0 Duplicate URLs purged.
2019/08/26 01:26:01 kid1|         0 Swapfile clashes avoided.
2019/08/26 01:26:01 kid1|   Took 0.24 seconds (129965.70 objects/sec).
2019/08/26 01:26:01 kid1| Beginning Validation Procedure
2019/08/26 01:26:01 kid1|   Completed Validation Procedure
2019/08/26 01:26:01 kid1|   Validated 30694 Entries
2019/08/26 01:26:01 kid1|   store_swap_size = 3798304.00 KB
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
2019/08/27 01:26:14 kid1| storeLateRelease: released 0 objects
2019/08/27 07:52:36 kid1| local=192.168.12.12:800 remote=192.168.12.114:50234 FD 30 flags=1: read/write failure: (32) Broken pipe
2019/08/27 07:52:53 kid1| local=192.168.12.12:800 remote=192.168.43.170:49225 FD 52 flags=1: read/write failure: (113) No route to host
2019/08/27 08:05:49 kid1| ipcacheParse No Address records in response to 'ipv6.msftncsi.com'
2019/08/27 08:05:49 kid1| ipcacheParse No Address records in response to 'ipv6.msftncsi.com'
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
2019/08/27 08:51:39 kid1| kick abandoning local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52182 FD 187 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
...
...

What interests me most is:

Code:

...
...
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
...
...
2019/08/27 07:52:36 kid1| local=192.168.12.12:800 remote=192.168.12.114:50234 FD 30 flags=1: read/write failure: (32) Broken pipe
2019/08/27 07:52:53 kid1| local=192.168.12.12:800 remote=192.168.43.170:49225 FD 52 flags=1: read/write failure: (113) No route to host
...
...
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
2019/08/27 08:51:39 kid1| kick abandoning local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52182 FD 187 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
..
...

Could someone please explain to me why I get this type of error message or alert?

I have checked the permissions on the " " file and here is what is displayed:

Code:

[root@myfirewall squid]# ls -altr /var/log/updatexlrator/checkdeaddl.lck
-rw-r--r-- 1 root root 0 Aug 28 01:25 /var/log/updatexlrator/checkdeaddl.lck
[root@myfirewall squid]#

Many thanks
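
An added example, not part of the original post and not IPFire or Squid code: a small Python triage script that groups the three kinds of cache.log lines the post singles out, so each Host header forgery alert is tied to its client, user agent and URL. The sample lines are copied from the excerpt above; the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the cache.log excerpt in the post above.
SAMPLE = """\
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
Can't write-open /var/log/updatexlrator/checkdeaddl.lck: Permission denied at /var/ipfire/updatexlrator/bin/checkdeaddl line 33.
2019/08/27 07:52:36 kid1| local=192.168.12.12:800 remote=192.168.12.114:50234 FD 30 flags=1: read/write failure: (32) Broken pipe
2019/08/27 07:52:53 kid1| local=192.168.12.12:800 remote=192.168.43.170:49225 FD 52 flags=1: read/write failure: (113) No route to host
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
2019/08/27 08:51:39 kid1| kick abandoning local=216.115.218.197:80 remote=192.168.43.43:52177 FD 186 flags=33
2019/08/27 08:51:39 kid1| SECURITY ALERT: Host header forgery detected on local=216.115.218.197:80 remote=192.168.43.43:52182 FD 187 flags=33 (intercepted port does not match 443)
2019/08/27 08:51:39 kid1| SECURITY ALERT: By user agent: Mozilla/4.0 (compatible)
2019/08/27 08:51:39 kid1| SECURITY ALERT: on URL: 216.115.218.197:443
"""

FORGERY = re.compile(r"SECURITY ALERT: Host header forgery detected on "
                     r"local=(\S+) remote=([\d.]+):\d+ .*\((.*)\)")
DETAIL = re.compile(r"SECURITY ALERT: (By user agent|on URL): (.*)")
IOFAIL = re.compile(r"remote=([\d.]+):\d+ .*read/write failure: \((\d+)\) (.*)")
NOPERM = re.compile(r"Can't write-open (\S+): Permission denied at (\S+) line (\d+)")

def triage(text):
    """Group cache.log lines into forgery alerts, socket failures and helper errors."""
    alerts, io_fail, helper = [], defaultdict(list), defaultdict(int)
    for line in text.splitlines():
        if m := FORGERY.search(line):
            alerts.append({"client": m[2], "local": m[1], "reason": m[3]})
        elif (m := DETAIL.search(line)) and alerts:
            # Squid prints the user agent and URL on the lines after the alert.
            alerts[-1]["agent" if m[1] == "By user agent" else "url"] = m[2]
        elif m := IOFAIL.search(line):
            io_fail[m[1]].append((int(m[2]), m[3]))  # (errno, message) per client
        elif m := NOPERM.search(line):
            helper[(m[2], m[1])] += 1  # count per (script, lock file)
    return alerts, dict(io_fail), dict(helper)

if __name__ == "__main__":
    alerts, io_fail, helper = triage(SAMPLE)
    for a in alerts:
        print(a)
    print(io_fail)
    print(helper)
```

To run it against a real log, pass the file's contents to `triage()` in place of `SAMPLE`.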
