Squid Web Proxy Cache Integration > Troubleshooting Squid Web Proxy Cache integration
|
If you have configured your Squid machine to act as a proxy server for Internet traffic, you must define the IP address of the proxy server machine in TRITON - Web Security. See Identifying the Proxy Cache and the HTTP port for Network Agent.If you integrated Websense software with the Squid Web Proxy Cache on a machine running the Red Hat Enterprise Linux 4.7 operating system, and Websense filtering is not working, the problem may be the Security-enhanced Linux (SELinux) configuration.The Red Hat Enterprise Linux 4.7 operating system installs SELinux by default. The SELinux installation is a kernel modification that reduces root user and hierarchical privilege vulnerabilities. The default SELinux installation packaged with Red Hat Enterprise Linux 4.7 prevents Squid from launching the Websense Squid Plug-in (WsRedtor). If WsRedtor does not launch, filtering cannot occur.To determine if this is the problem, verify that WsRedtor is not launching on the Red Hat Enterprise Linux machine:
WsRedtor does not appear in the process command list, although other Websense services do.
Error messages associated with WsRedtor appear in the Squid cache.log (see Squid documentation for the location of this log file).
Error messages associated with WsRedtor appear in the Linux system log (located by default at /var/log/messages).If you determine that WsRedtor is not launching, there are several options to resolve the issue:
Do not install Websense software on a machine using an SELinux-enabled Red Hat Enterprise Linux operating system and the version of Squid prepackaged with that Red Hat installation. If SELinux is not enabled, you can install Websense software on a machine using a Red Hat Enterprise Linux operating system and the prepackaged version of Squid.
Before you install Websense software on a machine using an SELinux-enabled Red Hat Enterprise Linux operating system, you can install Squid Web Proxy Cache directly from the official Squid Web site at www.squid-cache.org. This Squid installation does not stop WsRedtor as does the version packaged with the Red Hat Enterprise Linux ES release 4 operating system.
If you are familiar with configuring permissions for SELinux-enabled Red Hat, you can configure permissions so that WsRedtor can launch. See your Red Hat Enterprise Linux ES documentation for instructions. Additional information about SELinux is available at www.nsa.gov/selinux/.If outgoing Internet traffic is slower than expected, increase the number of redirectors spawned by Squid. In the squid.conf file, go to the redirect_children tag (v2.5) or the url_rewrite_children tag (v2.6), and increase the number by 10. The current default is 30.If the performance continues to be slow, consult Squid documentation and check your network settings.Squid Web Proxy Cache crashes because it cannot launch Squid plug-in (WsRedtor)If Squid Web Proxy Cache fails to start, check the cache.log file (by default, located in /usr/local/squid/logs/).
This section discusses only one possible reason for Squid Web Proxy Cache to crash. Squid Web Proxy Cache may have crashed for some other reason (for example, configuration error). See your Squid documentation.<timestamp>| helperOpenServers: Starting 30 'WsRedtor' processesThe log may then indicate errors while starting the processes due to a missing file. For example (message appears multiple times):(WsRedtor): error while loading shared libraries: <filename>: cannot open shared object file: No such file or directoryAfter that, the log indicates redirectors (i.e., WsRedtor) failed. For example (message appears multiple times):If you see entries like this in cache.log, a file required by the redirectors is missing. Such files reside in two places: ../Websense/bin and /etc/wsLib. A copy of each file must be in both directories. The above errors are occurring because a file is missing from the /etc/wsLib directory.
1. Look in ../Websense/bin for the missing file indicated in cache.log (i.e., <filename> in the example log entry above).If you do not find the missing file in ../Websense/bin, then the crash may be due to another issue. Contact Websense Technical Support.
Websense Technical Support can provide support for Squid Web Proxy Cache for issues related to Websense software only. If you are experiencing problems with your installation of Squid Web Proxy Cache for reasons unrelated to Websense software, you must refer to Squid documentation and support resources.
2.
Note that if more than one file is missing from /etc/wsLib, you must repeat these steps for each file. Squid Web Proxy Cache indicates only one missing file at a time in cache.log.
Squid Web Proxy Cache Integration > Troubleshooting Squid Web Proxy Cache integration
|