Hello Amos Thank you, Much appreciated.
Regrads, Dawie Pretorius Dawie Pretorius wrote: > Hello > > Getting this error "1267609425.628 270 172.16.8.105 TCP_MISS/000 0 GET > ftp://XX.XX.XX.XX/ - DIRECT/XX.XX.XX.XX - and a black page on my web browser > on when accessing this ftp site. > > When using no proxy FTP site ask for authentication? > Squid older than 3.1 were somewhat restricted in their use of auth with FTP. They would not pass back the headers to trigger HTTP auth properly and required the user/pass to be in the URL. Your config shows signs of being in an older Squid, so the fix will be either using 3.1 or adding the credentials to the FTP URLs. > Here is my squid.conf: > > http_port 0.0.0.0:51313 > cache_peer ZATBIMPROXY02 sibling 3128 0 default login=PASS > persistent_connection_after_error on > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY Drop that QUERY stuff to improve your dynamic objects caching. A large portion seem to be cacheable now. > cache_mem 50 MB > maximum_object_size 20 MB > access_log /var/log/squid/access.log squid > cache_log /var/log/squid/cache.log > cache_store_log /var/log/squid/store.log Not useful for much beyond debugging: cache_store_log none > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 Missing right here: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > half_closed_clients off > acl manager proto cache_object > acl localnet src XX.XX.XX.XX/12 > acl localhost src 127.0.0.1/255.255.255.255 acl localhost src 127.0.0.1 > acl to_localhost dst 127.0.0.0/8 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 <snip> > http_access deny CONNECT !SSL_ports > acl cape_town src XX.XX.XX.XX/255.255.254.0 acl cape_town src XX.XX.XX.XX/23 > http_access allow cape_town > acl our_networks src XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.254.0 > XX.XX.XX.XX/255.255.255.0 acl our_networks src XX.XX.XX.XX/23 XX.XX.XX.XX/23 XX.XX.XX.XX/24 > http_access allow our_networks > http_access allow localhost > http_reply_access allow all > icp_access allow all > cache_mgr [email protected] > visible_hostname ZATBIMPROXY01 > deny_info ERR_ACCESS_DENIED blacklist > deny_info ERR_ACCESS_DENIED denyfiletypes ACCESS_DENIED is the default page sent on "http_access deny". There is no need to specify it explicitly like that. > > This FTP does ask for authentication and you cannot login anonymously. Is > this something that I have in my squid.conf or does not have in my > squid.conf? Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24 Current Beta Squid 3.1.0.17 Note: Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver to anyone this message (or any part of its contents ) or take any action in reliance on it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use. The views, opinions, conclusions and other information expressed in this electronic mail are not given or endorsed by the company unless otherwise indicated by an authorized representative independent of this message.
