Thanks Eliezer.
I think the server is the rejecting squid's IP as you pointed out,
with http_access not blocked for any machine.
Regards,
Satish
On Wed, Jun 5, 2013 at 1:51 AM, Eliezer Croitoru wrote:
> Sorry Satish Thareja,
>
> This post is outdated since squid is not in 2.5\6 but on 3.3.
> If
Sorry Satish Thareja,
This post is outdated since squid is not in 2.5\6 but on 3.3.
If you will share more from squid.conf lines we can try to help you.
if you can share the access.log we can try to understand.
please share IP etc..
if you are getting 403 it means that the server is rejecting you
Amos,
The config is to allow http access for all but this case.
I came across this link :
http://www.linuxquestions.org/questions/linux-networking-3/so-many-tcp_denied-in-squid-access-log-469574/
but I do not have anything blocked in my configuration.
Is it possible that, if the 'host' does not
On 4/06/2013 11:17 p.m., Satish Thareja wrote:
Hi,
I have configured my squid box without restricting 'http_access' on
any resource.
But when I try to access a resource 'host.domain.com' using the
hostname (i.e. host ) directly, I am getting TCP_DENIED/403 response
code.
I able to resolve 'host
Hi,
I have configured my squid box without restricting 'http_access' on
any resource.
But when I try to access a resource 'host.domain.com' using the
hostname (i.e. host ) directly, I am getting TCP_DENIED/403 response
code.
I able to resolve 'host' from the squid machine directly, but http
reque
Hello guys,
I'm facing the same issue Tom Tux have in this thread:
http://www.squid-cache.org/mail-archive/squid-users/201008/0631.html
As far as i understood, the TCP_DENIED/407 is normal in authenticated
environments.
My question is: Do these TCP_DENIED/407 count in the
"client_http.errors",
On 17.10.2012 09:49, Mike Muir wrote:
My acl section and http_access:
acl manager proto cache_object COAP
acl localhost src 127.0.0.1/32 ::1
acl Whitelist dstdomain "/etc/squid/whitelist_sites"
acl ncsa_users proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CO
My acl section and http_access:
acl manager proto cache_object COAP
acl localhost src 127.0.0.1/32 ::1
acl Whitelist dstdomain "/etc/squid/whitelist_sites"
acl ncsa_users proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
acl all src all
# cachemgr acces
On 10/16/2012 9:41 PM, Mike Muir wrote:
Hello,
I'm getting a TCP DENIED/403 in the access log when trying to access
all HTTPS sites via web browser. The browser displays: Error 111
(net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
I've included the following in my squid.conf (I'm using Squid
Have you specified
https_port 443 ... cert=
http://www.squid-cache.org/Versions/v2/2.7/cfgman/https_port.html
Regards,
Andrew
-Original Message-
From: Mike Muir [mailto:mm...@uniqueltd.com]
Sent: Tuesday, October 16, 2012 3:41 PM
To: squid-users@squid-cache.org
Subject: [squid-users
Hello,
I'm getting a TCP DENIED/403 in the access log when trying to access
all HTTPS sites via web browser. The browser displays: Error 111
(net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
I've included the following in my squid.conf (I'm using Squid 2.7)
which to my understanding should allo
On 8/27/2012 11:09 PM, grant lowe wrote:
What am I doing wrong?
squid does exactly what the squid.conf saying..
##start
http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow local
Hi all,
I'm brand-spanking new to this, so please don't beat me up too bad
:-). Anyway, I have installed squid 3.2.0.17 on a CentOS 6.3 box. I'm
trying to set up a squid cluster. But when I test the connection via
telnet. I keep on getting errors like these in the access_log:
1346095968.991
ok, makes sense now :)
thank you for explanation :)
On Tue, Mar 20, 2012 at 11:27 PM, Amos Jeffries wrote:
> On 21.03.2012 15:04, alexus wrote:
>>
>> I dont understand maybe someone else can help me understand that...
>> how is that I allowed this domain in my log I get deny and next line
>> is m
On 21.03.2012 15:04, alexus wrote:
I dont understand maybe someone else can help me understand that...
how is that I allowed this domain in my log I get deny and next line
is miss?!
1332295011.844 0 186.176.225.154 TCP_DENIED/407 4183 GET
http://f.femowe.com/cgi/r? - NONE/- text/html
133229
I dont understand maybe someone else can help me understand that...
how is that I allowed this domain in my log I get deny and next line is miss?!
1332295011.844 0 186.176.225.154 TCP_DENIED/407 4183 GET
http://f.femowe.com/cgi/r? - NONE/- text/html
1332295013.395166 186.176.225.154 TCP_M
Well, for me it is not so much of a problem since I upstream to an ISP
with content/malware protection etc, but it would be nice to be able
report on all users of every method. Perhaps someone could enlighten this
mail?
My relevant squid.conf is as follows (I have the ACLs defined obviously...)
Hi Nick
Thank you for this explanation. I think, you're right. Could this
eventually be a security-problem, to allow unauthenticated
https-traffic with "http_access allow CONNECT SSL_ports"? Might be
yes, might be no. Is this behaviour part of a fact with SSL/HTTPS or
could this be eventually solv
Tom,
Just to say what I think (since you have almost the same setup as me I think):
you will always get that 407 at the moment. Squid requires an authenticated
user before allowing the page but you can't authenticate every method (at least
that is what I have found) in my setup.
Regardless of
Tom Tux wrote:
Hi Amos
Thanks a lot for this informations.
Is it usual/normal, that all https-requests have this error?
100% depends on your configuration file.
1282899033.246 0 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
mail.google.com:443 - NONE/- text/html
As I already mentioned: The
Hi Amos
Thanks a lot for this informations.
Is it usual/normal, that all https-requests have this error?
1282899033.246 0 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
mail.google.com:443 - NONE/- text/html
As I already mentioned: The sites, which are denied in the access.log,
are normal accessib
Tom Tux wrote:
Hi
For every HTTPS-Site I have the following tcp_denied/407-entry in the
access.log:
282895826.492 1 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
mail.google.com:443 - NONE/- text/html
1282896033.320 1 xx.xx.xx.xx TCP_DENIED/407 3744 CONNECT
secure-www.novell.com:443 - NONE/-
Hi
For every HTTPS-Site I have the following tcp_denied/407-entry in the
access.log:
282895826.492 1 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
mail.google.com:443 - NONE/- text/html
1282896033.320 1 xx.xx.xx.xx TCP_DENIED/407 3744 CONNECT
secure-www.novell.com:443 - NONE/- text/html
The s
Hi Nick
With IE, I have the following log-entry (useragent.log)
xx.xx.xx.xx [27/Aug/2010:07:15:29 +0200] "Mozilla/4.0 (Windows Vista
6.1) Java/1.6.0_12"
With FF, I got these one:
xx.xx.xx.xx [27/Aug/2010:07:15:51 +0200] "Mozilla/5.0 (Windows; U;
Windows NT 5.0; en-US; rv:1.9.2.8) Gecko/2010072
Tom,
What does useragent.log say when you use FF?
Nick
On 26/08/2010 09:27, "Tom Tux" wrote:
>Hi
>
>I recognised, that for some Java-Applets
>(http://java.sun.com/applets/jdk/1.4/demo/applets/BarChart/example1.html)
>I got TCP_DENIED/407-errors in the access.log. Depending on the
>browser, I
Hi
I recognised, that for some Java-Applets
(http://java.sun.com/applets/jdk/1.4/demo/applets/BarChart/example1.html)
I got TCP_DENIED/407-errors in the access.log. Depending on the
browser, I got an authentication window or a simple java-error (a "x"
in the browser-window).
I searched the forum
Hi
In my access.log I have some TCP_DENIED/407-messages like the
following (from different sites):
1282649791.425 0 xx.xx.xx.xx TCP_DENIED/407 4406 GET
http://wiki.squid-cache.org/wiki/squidtheme/css/projection.css -
NONE/- text/html
What does this means? The site is accessible correctly. A
Werner Opriel wrote:
Am Sonntag, 11. Juli 2010 schrieb Amos Jeffries:
Werner Opriel wrote:
We are using a debian-Package of Squid 2.7 Stable3 on a Debian Lenny
machine with ncsa-auth configured, acting as a central Internet-Proxy.
All Users/Passwords are stored in /etc/squid/passwd on localhos
Am Sonntag, 11. Juli 2010 schrieb Amos Jeffries:
> Werner Opriel wrote:
> > We are using a debian-Package of Squid 2.7 Stable3 on a Debian Lenny
> > machine with ncsa-auth configured, acting as a central Internet-Proxy.
> >
> > All Users/Passwords are stored in /etc/squid/passwd on localhost and on
Werner Opriel wrote:
We are using a debian-Package of Squid 2.7 Stable3 on a Debian Lenny machine
with ncsa-auth configured, acting as a central Internet-Proxy.
All Users/Passwords are stored in /etc/squid/passwd on localhost and only
authenticated users are allowed to surf on sites outside th
We are using a debian-Package of Squid 2.7 Stable3 on a Debian Lenny machine
with ncsa-auth configured, acting as a central Internet-Proxy.
All Users/Passwords are stored in /etc/squid/passwd on localhost and only
authenticated users are allowed to surf on sites outside the intranet.
There are n
Hi
I've implemented a NTLM-authentication against a w2k3-domain.
Everything seems to work, but I've a lot of "TCP_DENIED/407"-errors in
my squid-access-log. Is this normal or what could be wrong here? Why
do I have so many TCP_DENIED/407 although every page is accessible?
This is normal a
Hi
I've implemented a NTLM-authentication against a w2k3-domain.
Everything seems to work, but I've a lot of "TCP_DENIED/407"-errors in
my squid-access-log. Is this normal or what could be wrong here? Why
do I have so many TCP_DENIED/407 although every page is accessible?
Thanks a lot.
Tom
On Wed, 10 Mar 2010 15:51:18 +, Nick Cairncross
wrote:
> Hi All,
>
> I have some Mac clients/services that require internet via my Squid. Two
> such programs are Evernote and VMWare. Both are requesting access and
both
> are being denied. The errors I see in the access.log are as follows and
Hi All,
I have some Mac clients/services that require internet via my Squid. Two such
programs are Evernote and VMWare. Both are requesting access and both are being
denied. The errors I see in the access.log are as follows and nothing else:
268234226.935 0 172.16.0.38 TCP_DENIED/407 2117
kevin band wrote:
Hi Amos,
Thanks for the reply, I'm happy to accept what you say, but is there
anything specific that tells you that it's the remote web-server
rather than the squid-proxy that's rejecting the connection?
Regarding, dstdomain, yes I am familiar with that, but it doesn't meet
ou
No, the point is, when the rule :
http_access allow CONNECT SSL_ports
is in the configuration, ALL SSL requests are permitted, regardless of
any other restrictions. HTTP is restricted correctly.
2009/12/8 Amos Jeffries :
> kevin band wrote:
>>
>> I've managed to get this working, but I'm not
kevin band wrote:
I've managed to get this working, but I'm not happy because in doing
so I've created a different issue.
My problems all started a few weeks ago when I was trying to tighten
up the rules.
Basically we have two squid proxy servers which are supposed to
contain the same configurat
I've managed to get this working, but I'm not happy because in doing
so I've created a different issue.
My problems all started a few weeks ago when I was trying to tighten
up the rules.
Basically we have two squid proxy servers which are supposed to
contain the same configuration.
I noticed that
Forwarded to mailing list
-- Forwarded message --
From: kevin band
Date: 2009/12/7
Subject: Re: [squid-users] TCP_Denied for when requesting IP as URL
over SSL using squid proxy server.
To: Amos Jeffries
> Taking a much closer look now I change my mind. It probably is Sq
I didn't realise I'd sent this directly to Amos, I meant to reply to
the mailing list.
-- Forwarded message --
From: kevin band
Date: 2009/12/7
Subject: Re: [squid-users] TCP_Denied for when requesting IP as URL
over SSL using squid proxy server.
To: Amos Jeffries
kevin band wrote:
Hi,
I'm hoping somebody can help me here, because I'm at a loss about what
to do next.
Basically we have squid running as a proxy server to restrict access
to just those sites which we've included in our ACL's
I have noticed recently that it isn't handling HTTPS reqests proper
Hi,
I'm hoping somebody can help me here, because I'm at a loss about what
to do next.
Basically we have squid running as a proxy server to restrict access
to just those sites which we've included in our ACL's
I have noticed recently that it isn't handling HTTPS reqests properly
if the URL contai
Stefan Jensen wrote:
Am Donnerstag, den 16.04.2009, 12:52 -0800 schrieb Chris Robertson:
acl microsoft dstdomain .microsoft.com .windowsupdate.com
http_access deny !microsoft blockfiles
That was easy! :-) Thank you very much.
The full currently known list of WU sites is listed at:
http:/
Am Donnerstag, den 16.04.2009, 12:52 -0800 schrieb Chris Robertson:
> acl microsoft dstdomain .microsoft.com .windowsupdate.com
> http_access deny !microsoft blockfiles
That was easy! :-) Thank you very much.
best regards
Stefan
--
Stefan Jensen wrote:
Hi,...
Am Montag, den 13.04.2009, 17:50 +0300 schrieb Mehmet ÇELiK:
you have specified ".com$" in Squid. You must use mimetype instead of
urlregex_path.
Thanks. I've now switch to mimetype blocking and it seems to works
really great. Much better suitable for me,
Hi,...
Am Montag, den 13.04.2009, 17:50 +0300 schrieb Mehmet ÇELiK:
> you have specified ".com$" in Squid. You must use mimetype instead of
> urlregex_path.
Thanks. I've now switch to mimetype blocking and it seems to works
really great. Much better suitable for me, instead of blocking hole
si
You must use mimetype instead of
urlregex_path.
Regards.
- Original Message -
From: "Amos Jeffries"
To: "Stefan Jensen"
Cc:
Sent: Sunday, April 12, 2009 6:12 AM
Subject: Re: [squid-users] TCP_DENIED on youtube
Stefan Jensen wrote:
Hi,...
i got some TCP
Stefan Jensen wrote:
Hi,...
i got some TCP_DENIED on youtube.com:
"TCP_DENIED/403 3446 GET http://googleads.g.doubleclick.net/pagead/ads?
- NONE/- text/html"
It is an embedded ad page on youtube in the upper right. (e.g:
http://www.youtube.com/browse)
I have this in my squid.conf:
acl bloc
Hi,...
i got some TCP_DENIED on youtube.com:
"TCP_DENIED/403 3446 GET http://googleads.g.doubleclick.net/pagead/ads?
- NONE/- text/html"
It is an embedded ad page on youtube in the upper right. (e.g:
http://www.youtube.com/browse)
I have this in my squid.conf:
acl blockfiles urlpath_regex -i
hello list
I am using squid/2.6.STABLE5 on debian etch and when and I authenticate to
navigate through of my proxy receipt an error TCP_DENIED/407.
when I remove [-c] of auth_param digest program
/usr/lib/squid/digest_pw_auth -c /etc/apache2/passwd and i put
username:passwd format in the pa
Jigar Raval wrote:
Hello,
We have observed that on our system there is a link of
dss1.siteadvisor.com generating background request and
hence we were getting error in access.log file.
Error was TCP_DENIED/400 error:invalid reuqest.
Our proxy server is configured with authentication.
When we en
Hello,
We have observed that on our system there is a link of
dss1.siteadvisor.com generating background request and
hence we were getting error in access.log file.
Error was TCP_DENIED/400 error:invalid reuqest.
Our proxy server is configured with authentication.
When we enable transparent setti
tor 2008-04-17 klockan 04:59 -0700 skrev Jigar Raval:
> Hello,
>
> Squid log flooded with TCP_DENIED/400 1521 GET
> error:invalid-request. Around 20lacs entry in file.
> What could be the problem? Can i eliminate this entry
> not to be logged in access_log file.
There probably is more details on
Jigar Raval wrote:
Hello,
Squid log flooded with TCP_DENIED/400 1521 GET
error:invalid-request. Around 20lacs entry in file.
What could be the problem? Can i eliminate this entry
not to be logged in access_log file.
Better to fix the breakage.
That error usually comes up when squid is listeni
Hello,
Squid log flooded with TCP_DENIED/400 1521 GET
error:invalid-request. Around 20lacs entry in file.
What could be the problem? Can i eliminate this entry
not to be logged in access_log file.
jigar
So let me get this straight:
* Squid listens on 192.168.1.1:3128
* Apache listens on 192.168.1.1:80
* When IE is _configured_ for startup to load http://192.168.1.1/wpad.dat
* IE for a URI (any URI?!) it sends a request squid can't handle.
Next thing to check is that HTTP/1.1 is disabled in
http://192.168.1.1/wpad.dat
IE6
-- Original message --
From: "Amos Jeffries" <[EMAIL PROTECTED]>
> > Amos,
> >
> > While I appreciate the input on my config file, do you see anything that
> > would cause it to give me these errors?
> >
> > Here is my wpad.dat:
> >
> Amos,
>
> While I appreciate the input on my config file, do you see anything that
> would cause it to give me these errors?
>
> Here is my wpad.dat:
>
> function FindProxyForURL(url,host) {
> return "PROXY 192.168.1.1:3128";
> }
Okay. That makes it a problem with the request the brows
Amos,
While I appreciate the input on my config file, do you see anything that would
cause it to give me these errors?
Here is my wpad.dat:
function FindProxyForURL(url,host) {
return "PROXY 192.168.1.1:3128";
}
Here is what I see in the logs:
1205192406.411 0 192.168.1.99 TCP_
[EMAIL PROTECTED] wrote:
I have squid 2.6stable18 on a debian sarge box in non-transparent mode. I also
have apache web server setup on this box and it works fine - when the browser is
pre-configured for the proxy.
I have some people come in and use their laptops from time to time so I need a
I have squid 2.6stable18 on a debian sarge box in non-transparent mode. I also
have apache web server setup on this box and it works fine - when the browser
is
pre-configured for the proxy.
I have some people come in and use their laptops from time to time so I need a
way to automatically dire
> Rebecca Pakish Crum wrote:
> > Hi all - I'm running an older version of squid
> (squid/2.5.STABLE10) on
> > a Fedora Core box. Usually I have no problems, but one of
> my end-users
> > is clicking on a link on a county website that takes them
> (or tries to
> > take
> > them) to www2.madiso
Rebecca Pakish Crum wrote:
Hi all - I'm running an older version of squid (squid/2.5.STABLE10) on a
Fedora Core box. Usually I have no problems, but one of my end-users is
clicking on a link on a county website that takes them (or tries to take
them) to www2.madisoncountyindiana.org:450/..
I
Hi all - I'm running an older version of squid (squid/2.5.STABLE10) on a
Fedora Core box. Usually I have no problems, but one of my end-users is
clicking on a link on a county website that takes them (or tries to take
them) to www2.madisoncountyindiana.org:450/..
I'm getting TCP_DENIED:NONE in
Hello,
trying to view this web page
http://gepas.bioinfo.cipf.es/cgi-bin/norm.cgi
we get this error:
TCP_DENIED/411 3610 POST http://gepas.bioinfo.cipf.es/cgi-bin/norm.cgi -
NONE/- text/html
Googled about this error, got this article:
http://www.squid-cache.org/mail-archive/squid-users/20060
Kyle Wa wrote:
Ok got that, added the directive, now I get this error
10.19.110.91 TCP_DENIED/400 1226 ticker 6 24491597,307616,758185,kylewa 63 -
NONE/- text/html
Well, a 400 error is "Bad Request"
(http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-e0d4421694c8f3dbfbabeb029330bd478ae849
Subject: Re: [squid-users] tcp_denied error on java applet
Kyle Wa wrote:
> Hey guys, having trouble figuring this one out. I have a client trying to
> run this java applet, but when we installed our transparent proxy last
week
> it stopped working. We have no ACLs running against this specif
Kyle Wa wrote:
Hey guys, having trouble figuring this one out. I have a client trying to
run this java applet, but when we installed our transparent proxy last week
it stopped working. We have no ACLs running against this specific client;
the proxy is strictly for caching purposes
The java app r
Hey guys, having trouble figuring this one out. I have a client trying to
run this java applet, but when we installed our transparent proxy last week
it stopped working. We have no ACLs running against this specific client;
the proxy is strictly for caching purposes
The java app runs against port
Hello,
I am using Squid Cache: Version 2.5.STABLE5 that comes with FC2.
Recently Yahoo is migrating users to new version of Yahoo Photos based on AJAX.
Whenever I try to open any album it says
"There was a problem loading your photos. Please try again later."
And on checking squid logs it said
I have a particular site that is getting this error when using squid as
a transparent proxy:
1149867876.810 50 192.168.1.23 TCP_DENIED/411 \
2132 POST http://dev.example.com/HSXMLAdmin/galleryloader.php \
- NONE/- text/html
Searching brought me to this article:
http://www.squid-c
> Hi all,
>
> We are running squid 2.5 stable 5 on a redhat 9 (2.4 kernel) with
> ncsa_auth. Every so often our users complian that they are not able to
> authenticate through the proxy. We I check the usernname password,
> ncsa_auth says all is OK (but from the browser I get access denied. If I
>
Hi all,
We are running squid 2.5 stable 5 on a redhat 9 (2.4 kernel) with
ncsa_auth. Every so often our users complian that they are not able to
authenticate through the proxy. We I check the usernname password,
ncsa_auth says all is OK (but from the browser I get access denied. If I
do a "squid -
-Original Message-
From: Ronald Warner [mailto:[EMAIL PROTECTED]
Sent: Friday, 27 May 2005 12:55
To: squid-users@squid-cache.org
Subject: [squid-users] TCP_DENIED/407
Good day.
We have recently started using squid2.5stable9 with NTML
authentication. Authentication works fine. However
Good day.
We have recently started using squid2.5stable9 with NTML
authentication. Authentication works fine. However, there are times
with access to Internet websites seem slow. I reviewed the access.log
and found the entries below:
1117161853.042 3 10.2.141.234 TCP_DENIED/407 1741 GET
On Wed, 11 May 2005, Siew Wing Loon wrote:
And, there is an error in squid access.log file as
below. What does this mean?
TCP_DENIED/411 1665 GET
http://www.domain.com/control/trading.dll? -
This is a bad request not complying fully with the HTTP specifications. To
be specific the GET reque
Hi all,
I am running a transparent proxy with the following
rules: -
$IPTABLES -t nat -A PREROUTING -i eth1 -s ! 10.159.2.4
-p tcp --dport 80 -j DNAT --to 10.159.2.4:3128
$IPTABLES -t nat -A POSTROUTING -o eth1 -s
10.159.2.0/24 -d 10.159.2.4 -j SNAT --to 10.159.2.1
$IPTABLES -t filter -A FORWAR
Hello,
I am trying to move my squid from one 'ordinary' machine to a linux
virtual server, that is to one of multiple 'virtual servers' running on
the same physical machine.
I had been running 2.5.1 but downloaded and started 2.5.6 figuring the
L&G was appropriate.
I copied my squid.conf to the
On May 24, 2004, at 1:15 PM, Jose Nathaniel Nengasca wrote:
And by the way, 192.168.0.0/255.255.0.0 is correct? are you using
class B on
192.168? instead of using class C?
I'm using more than one /24 in 192.168, so I just mask it off at /16.
:)
smime.p7s
Description: S/MIME cryptographic signa
Original Message -
> From: "Jose Nathaniel Nengasca" <[EMAIL PROTECTED]>
> To: "Squid Mailing List" <[EMAIL PROTECTED]>
> Sent: Monday, May 24, 2004 11:12 AM
> Subject: Re: [squid-users] TCP_DENIED/403 1402 GET
>
>
> > It seems that your n
004 11:12 AM
Subject: Re: [squid-users] TCP_DENIED/403 1402 GET
> It seems that your netmask ACL on ALL is a bit messy, try not to use
> 255.255.255.255, use 0.0.0.0 instead...
>
>
> > Hello,
> >
> > I searched the archives, edited my ACLs, but I can't figure this o
It seems that your netmask ACL on ALL is a bit messy, try not to use
255.255.255.255, use 0.0.0.0 instead...
> Hello,
>
> I searched the archives, edited my ACLs, but I can't figure this one
> out. A Version 2.5.STABLE5 that seemed to be working fine is now
> rejecting users with an access denied
On May 23, 2004, at 4:49 PM, Christoph Haas wrote:
May I assume you have restarted squid?
Christoph
A fair question. :) The answer is yes, several times. I even started
it and kept it from running in the background:
squid -N -d 9
Nothing useful came up on my console; nothing. I'm a bit
On Sun, May 23, 2004 at 04:32:23PM -0500, jorn wrote:
> On May 23, 2004, at 3:57 PM, Christoph Haas wrote:
> >Try this:
> >debug_options ALL,1 33,2
> >
> >and watch your cache.log to see which ACL blocks you.
> >
> > Christoph
>
> My cache.log seemed to show no more interesting data than before, w
On May 23, 2004, at 3:57 PM, Christoph Haas wrote:
Try this:
debug_options ALL,1 33,2
and watch your cache.log to see which ACL blocks you.
Christoph
--
My cache.log seemed to show no more interesting data than before, which
is essentially startup data and nothing else. Even when I set :
On May 23, 2004, at 3:57 PM, Christoph Haas wrote:
Try this:
debug_options ALL,1 33,2
and watch your cache.log to see which ACL blocks you.
Christoph
--
My cache.log seemed to show no more interesting data than before, which
is essentially startup data and nothing else. Even when I set :
On Sun, May 23, 2004 at 03:35:13PM -0500, jorn wrote:
> Hello,
>
> I searched the archives, edited my ACLs, but I can't figure this one
> out. A Version 2.5.STABLE5 that seemed to be working fine is now
> rejecting users with an access denied message. My access log has
> entries like the follow
Hello,
I searched the archives, edited my ACLs, but I can't figure this one
out. A Version 2.5.STABLE5 that seemed to be working fine is now
rejecting users with an access denied message. My access log has
entries like the following:
1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET
On Wed, 7 Jan 2004, anders wrote:
> http://www.google.se/search? - NONE/- text/html
> 1073512973.676 7 citrix13.jll.se TCP_DENIED/407 1902 GET
> http://www.google.se/search? - NONE/- text/html
> 1073512975.155 1479 citrix13.jll.se TCP_MISS/200 6785 GET
> http://www.google.se/search? jll\adm
why do i get this when the auth works against a AD
samba 3.0.0
squid 2.5.STABLE4
the smb.conf is not needed
because it works
here's my squid.conf lines
acl domainusers proxy_auth REQUIRED
http_access allow domainusers
auth_param ntlm program /usr/lib/squid/ntlm_auth JLL/jllpdc
JLL/tebdc.jll.j
Thank you everyone.!
I finally got it to work.
On Sat, 13 Sep 2003, Raymond Norton wrote:
> That is what it seems, but I have no way of passing authentication to the
> program. This site uses the link https://map.nwea.org/taa.hta
Then you may need to make an exception allowing this program access
without requiring authentication, or speak to
> That is what it seems, but I have no way of passing authentication to the
> program.
So you're not using a browser - you're using a brain dead program that doesn't
understand proxy authentication. Two things you need to do:
1) Complain vigorously to the site in question - tell them their progr
>
> > 1063418371.130 1 172.21.0.1 TCP_DENIED/407 1300 CONNECT
map.nwea.org:443 -
> > NONE/- -
>
> This is Squid asking your client program (browser etc) to authenticate.
>
> Regards
> Henrik
>
That is what it seems, but I have no way of passing authentication to the
program. This site uses the lin
On Sat, 13 Sep 2003, Adam Aube wrote:
> > acl Safe_ports port 800 # Squids port (for icons)
>
> You don't need this line - Squid won't make an HTTP request to the port it is
> listening on.
But the clients does for icons in FTP listings etc...
Regards
Henrik
On Fri, 12 Sep 2003, Raymond Norton wrote:
> 1063418371.130 1 172.21.0.1 TCP_DENIED/407 1300 CONNECT map.nwea.org:443 -
> NONE/- -
This is Squid asking your client program (browser etc) to authenticate.
Regards
Henrik
>
> > http_access allow !Safe_ports
> > # http_access allow CONNECT !SSL_ports
>
> Make these two lines:
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> This will keep your Squid box from being exploited to do all sorts of
nasty
> things (including spamming).
>
> > acl Sa
> This is in an IPCop box. Very simple config. Here is the whole thing.
Okay - let's fix some issues. May/may not fix your current problem, but it
will make the config file more sane and possibly head off problems down the
road.
> http_access allow !Safe_ports
> # http_access allow CONNECT !SSL
/var/log/cache 50 16 256
request_body_max_size 0 KB
reply_body_max_size 0 KB
- Original Message -
From: "Adam Aube" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 12, 2003 10:28 PM
Subject: Re: [squid-users] TCP_Denied
> > I am trying
1 - 100 of 113 matches
Mail list logo
