[squid-users] wrong content in squid cache

Hello,

we use squid-2.5STABLE1 as shiped with SuSE Linux 8.2.
Since last week several clients get a wrong site from squid cache.
For example:

The client tries to fetch http://www.arbeitsamt.de and gets
the content of the side forums.groundspeak.com.

This wrong content can be found in the cache directory of squid.

I've attached the configfile and cache object of www.arbeitsamt.de
with the wrong content.

Can anybody see what's wrong here ?

Since today we use aufs instead of diskd and till now we can't see any
errors.

--snip-- squid.conf
http_port 8080
icp_port 0
cache_peer 127.0.0.1 parent 8180 0 no-query default
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 512 MB
maximum_object_size 20480 KB
cache_dir aufs /var/cache/squid1 10240 16 256
cache_store_log none
ftp_list_width 50
auth_param basic program /usr/sbin/squid_ldap_auth -b ....
auth_param basic children 15
auth_param basic credentialsttl 2 hours
auth_param basic realm Proxy-Server
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl password proxy_auth REQUIRED
acl snmpread snmp_community public
acl nocacheservers dst <some local addresses>
acl manager proto cache_object
acl CONNECT method CONNECT
acl SSL_ports port 443 563
acl PURGE method PURGE
http_access allow manager localhost
http_access allow PURGE localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny PURGE
http_access allow password
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
visible_hostname ...
unique_hostname ...
always_direct allow localhost
never_direct allow all
error_directory /etc/squid/German
snmp_port 3401
snmp_access deny all
snmp_incoming_address <inside interface>
coredump_dir /var/cache/squid1
--snip-- cache object
^CW^@^@^@^C^P^@^@^@lÔÎðå?URi222l^?¯êl÷^E^X^@^@^@211óFA212óFAÿÿÿÿá±»?^@^@^@^@^A^@`^D^D^Z^@^@^@http://www.arbeitsamt.de/^@
HTTP
/1.1 200 OK
Content-Length: 176
Content-Type: text/html
Content-Location: http://www.arbeitsamt.de/404.html
Last-Modified: Wed, 19 Nov 2003 18:09:37 GMT
Accept-Ranges: bytes
ETag: "549e214bc8aec31:626"
Server: Microsoft-IIS/6.0
Date: Tue, 14 Sep 2004 13:35:05 GMT
Connection: close

<HTML>
 <HEAD>
  <TITLE>Groundspeak Forums Redirect</TITLE>
 </HEAD>

  <META http-equiv="refresh" content="0;
url=http://forums.groundspeak.com/GC/">

 </BODY>
</HTML>
--snip--

--snip-- output from purge command
### Use at your own risk! No guarantees whatsoever. You were warned. ###
#
# Currently active values for purge:
# $Id: purge.cc,v 1.17 2000/09/21 10:59:53 cached Exp $
# Debug level : production level + parallel mode + extra verbosity
# Copy-out directory: copy-out mode disabled
# Squid config file : /etc/squid/squid.conf
# Cacheserveraddress: 127.0.0.1:3128
# purge mode : 0x00
# Regular expression: 1 "www.arbeitsamt.de"
#
/var/cache/squid1/0F/3D/000F3D65 0 474
6CD4CEF0E53F555269926C7FAFEA6CF7 4146f389 4146f38a ffffffff 3fbbb1e1
0460 1 http:
//www.arbeitsamt.de/
--snip--

-- 
Gruß
  Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.