<div dir="ltr">Have you been able to identify in your logs whether it's dansguardian or squid that's croaking? My guess is it's probably squid. You may need to find out a little more exactly what's happening when it dies. For instance, is perhaps the squid (or dg) process getting terminated because it can't handle a particular request correctly, or is perhaps everything working as it should, but perhaps your bandwidth is getting saturated because of squid trying to complete a large number of downloads initiated by this end user. (I've had that before...misconfigured squid seemingly killing a library's Internet access because it was trying to download multiple instances of a large anti-virus download.)<div><br></div><div>If you can identify a particular site in the logs that's causing you problems, then you can adjust for it.</div><div>If your ClearOS has a peer-to-peer user forum, then try posting your questions in the appropriate forum and you'll likely get more specific/applicable help in troubleshooting/narrowing down your problem.</div><div><br></div><div>Squid is very widely used, of course, so if you can narrow it down to squid, there's lots of info out there that you can probably leverage to try to configure your way out of the problem.</div><div><br></div><div>If you have to (if the logs don't help you narrow things down), you can probably route that particular patron around dansguardian and pass them directly to squid to eliminate dg as the problem. It sounds as if you're typically made aware when that patron is using the computers. ;-)</div><div><br></div><div>If you can identify a particular website as causing the problems, let me know. I'd be interested to test it against my own dg+squid configurations to see how they hold up. To specifically answer your question: No. To the best of my knowledge, we haven't had any problems specifically with Chinese character websites. Occasionally, there are problems with individual websites doing seemingly oddball things that squid or dg doesn't much like. Symptoms usually present as a web page (often a pop-up) not displaying correctly or a file not downloading correctly. (It usually turns out to be dg and I simply exclude that url from the filter.) I correct for them as I'm made aware of them, but fortunately it's not particularly frequent. </div><div><br></div><div>Good luck!</div><div>Chad</div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div>______________________________<br><b>Chad Neeper</b><br><font size="1">Senior Systems Engineer</font><br><br><b>Level 9 Networks</b><br><font size="1">740-548-8070 (voice)<br>866-214-6607 (fax)</font><br><br><font size="1"><i>Full LAN/WAN consulting services -- Specialized in libraries and schools</i></font><br></div>
<br><div class="gmail_quote">On Mon, Sep 29, 2014 at 12:56 PM, Chad Morris <span dir="ltr"><<a href="mailto:morrisch@oplin.org" target="_blank">morrisch@oplin.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">I’ve been experiencing an odd issue with my web filtering firewall pertaining to Chinese web sites and spam email. I have a ClearOS server in bridge mode doing URL re-write filtering sitting in front of my main firewall. The ClearOS server catches all web traffic leaving the network, filters out any bad words, and enforces safe searches (Google, Bing, etc.). And due to the large amount of past malicious activity, I’ve blocked most of APNIC, RIPE, AFRNIC, and LACNIC IP addresses on my main firewall (MikroTik RB2011UiAS-RM).<u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">I’ve narrowed the issue down to a particular patron that has been visiting web sites such as <a href="http://tw.yahoo.com" target="_blank">tw.yahoo.com</a>, <a href="http://mail.com" target="_blank">mail.com</a>, and <a href="http://email.com" target="_blank">email.com</a>. According to my ClearOS logs, the web pages with Chinese characters generate a long URL which crashes our web browsing – except for the Patron viewing the web pages. Once it crashes, I have to restart the ClearOS server and then it works for about 20-30 minutes before it crashes again. I’ve contacted ClearOS and they can’t recreate the issue but suggested that I turn off write caching – which I have but that doesn’t help.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I want to allow the patron to view web sites in their foreign language, but I also can’t have the internet crash every time they come in to use a computer. As far as <a href="http://email.com" target="_blank">email.com</a> and <a href="http://mail.com" target="_blank">mail.com</a>, the patron’s email account is loaded with spam and they click on everything. I’ve seen them click on a spam email that when opened, contain an endless redirect script that eventually crashes the internet for everyone. The redirects go to a random generated URL based in China. I don’t know if the patron has caught on that they are causing the issue and are purposely causing the internet to crash, or if they are just click happy and actually enjoy reading malicious emails? It’s suspicious that they click on the spam email and minimize the window while the redirect script runs in the background. <u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">The public computers are on the same subnet as the staff and they are locked down heavily with group policy, Faronics WINSelect, Anti-Virus, and DeepFreeze. I’ve tried switching them to a different subnet but that doesn’t fix the issue.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I’ve concluded:<u></u><u></u></p><p class="MsoNormal">- My ClearOS setup doesn’t play nice with web sites based in China, long Chinese characters in the URL, <a href="http://email.com" target="_blank">email.com</a> and <a href="http://mail.com" target="_blank">mail.com</a>. <u></u><u></u></p><p class="MsoNormal">- The ClearOS server works fantastic with everything else. <u></u><u></u></p><p class="MsoNormal">- The recommendation from ClearOS support doesn’t work. <u></u><u></u></p><p class="MsoNormal">- The issue happens with the particular patron only.<u></u><u></u></p><p class="MsoNormal">- We use OpenDNS to block web sites in addition to my IP range blocks on my gateway<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Is there anyone else out there that uses a Dansguardian/Squid based content filter? If so, have you had issues like me?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Thank you,<br><br>Chad<br><br><u></u><u></u></p><p class="MsoNormal">--<br><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Chad Morris<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Technology Coordinator<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Franklin-Springboro Public Library<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">44 E. Fourth Street<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Franklin, OH 45005<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Office: <a href="tel:%28937%29%20746-2665%20ext%20116" value="+19377462665" target="_blank">(937) 746-2665 ext 116</a><br>Fax: <a href="tel:%28937%29%20746-2847" value="+19377462847" target="_blank">(937) 746-2847</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black">Email: <a href="https://mail.oplin.org/webmail/src/compose.php?send_to=morrisch%40oplin.org" target="_blank"><span style="color:black">morrisch@oplin.org</span></a><br><a href="http://www.fspl.org" target="_blank"><span style="color:black">www.fspl.org</span></a></span><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif""><u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p></div></div><br>_______________________________________________<br>
OPLINTECH mailing list<br>
<a href="mailto:OPLINTECH@lists.oplin.org">OPLINTECH@lists.oplin.org</a><br>
<a href="http://lists.oplin.org/mailman/listinfo/oplintech" target="_blank">http://lists.oplin.org/mailman/listinfo/oplintech</a><br>
<br>
<br></blockquote></div><br></div>