Re: [squid-users] Squid doesn't call helper
Thank you very much With the debug option i found the error An external acl program later in the config returned a number and OK in one line (5:OK or 10:ERR) The acl handler in squid got an exception handling this returned result and all requests got DENIED After correcting the external handler squid works OK AAA Yours Anton Kornexl -Ursprüngliche Nachricht- Von: squid-users Im Auftrag von Amos Jeffries Gesendet: Dienstag, 20. Oktober 2020 13:38 An: squid-users@lists.squid-cache.org Betreff: Re: [squid-users] Squid doesn't call helper On 20/10/20 6:18 pm, Kornexl, Anton wrote: > Squid 4.10 on Ubuntu 20.04 > > > > The configured program is started but not called (or the result not used) > Please check cache.log to find out which of those two very different things is happening. One means the ACL is not being checked or credentials not provided. The other means credentials are invalid. You may need to set this directive: debug_options 11,2 29,5 28,4 > The authentication window does not show up in the browser That means the auth result was not deny. > > All request are denied because acl proxyuser doesn’t match > There is no deny line in your shown config using auth ACLs. > The same config runs on squid 3.5.27 on Ubuntu 18.04 and squid 4.13 on > opensuse 4.13 > > > > How can i debug this problem > Check cache.log with this directive set: debug_options 11,2 29,5 28,4 > Other helpers are also not called/used > > That strongly implies you have an ordering problem in your config file. One early ACL allowing or denying traffic before any helpers get checked. > > http_access allow jufi1 > > http_access allow jufi1-6 > > http_access allow jufi2 > > http_access allow jufi2-6 > Since they are all the same type, and used the same way at the same time You can combine all those ACLs into one name. > > http_access allow proxyusers > Please try the recommended auth config: http_access deny !proxyusers http_access allow localnet Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid doesn't call helper
On 20/10/20 6:18 pm, Kornexl, Anton wrote: > Squid 4.10 on Ubuntu 20.04 > > > > The configured program is started but not called (or the result not used) > Please check cache.log to find out which of those two very different things is happening. One means the ACL is not being checked or credentials not provided. The other means credentials are invalid. You may need to set this directive: debug_options 11,2 29,5 28,4 > The authentication window does not show up in the browser That means the auth result was not deny. > > All request are denied because acl proxyuser doesn’t match > There is no deny line in your shown config using auth ACLs. > The same config runs on squid 3.5.27 on Ubuntu 18.04 and squid 4.13 on > opensuse 4.13 > > > > How can i debug this problem > Check cache.log with this directive set: debug_options 11,2 29,5 28,4 > Other helpers are also not called/used > > That strongly implies you have an ordering problem in your config file. One early ACL allowing or denying traffic before any helpers get checked. > > http_access allow jufi1 > > http_access allow jufi1-6 > > http_access allow jufi2 > > http_access allow jufi2-6 > Since they are all the same type, and used the same way at the same time You can combine all those ACLs into one name. > > http_access allow proxyusers > Please try the recommended auth config: http_access deny !proxyusers http_access allow localnet Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Squid doesn't call helper
Squid 4.10 on Ubuntu 20.04 The configured program is started but not called (or the result not used) The authentication window does not show up in the browser All request are denied because acl proxyuser doesn't match The same config runs on squid 3.5.27 on Ubuntu 18.04 and squid 4.13 on opensuse 4.13 How can i debug this problem Other helpers are also not called/used The squid user can execute the configured program /usr/local/bin/mysql_auth and returns an OK sudo -u squid /usr/local/bin/mysql_auth test testing OK --- auth_param basic program /usr/local/bin/mysql_auth auth_param basic children 10 startup=5 idle=1 auth_param basic utf8 on auth_param basic realm "Squid proxy-caching web server" auth_param basic credentialsttl 2 hours acl jufi1 src 1.2.3.4/32 acl jufi1-6 src 2a01:.::2 acl jufi2 src 1.2.3.5/32 acl jufi2-6 src 2a01:.::2 acl proxyusers proxy_auth REQUIRED http_access allow jufi1 http_access allow jufi1-6 http_access allow jufi2 http_access allow jufi2-6 http_access allow proxyusers --- Yours Anton Kornexl ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users