[squid-users] acl issues

2005-08-01 Thread Joe Acquisto
Still chasing getting PC restrictions to work.

I just don't get it.  I have acl's defined, and I can see it checking them, in 
the cache.log.  However, it seems it is hosing up on  the IP check.  Always 
seems to be checking "127.0.0.1" instead of the actual connection's IP.  

Below is an example from the log:

2005/08/01 14:54:56| aclCheck: checking 'http_access allow JOESPC LETIN1'
2005/08/01 14:54:56| aclMatchAclList: checking JOESPC
2005/08/01 14:54:56| aclMatchAcl: checking 'acl JOESPC src 192.168.0.16'
2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' NOT found
2005/08/01 14:54:56| aclMatchAclList: returning 0

Why is aclMatchIp checking 127.0.0.1?  What am I missing?


[squid-users] Acl Issues

2004-12-31 Thread squid
Happy New year everyone.

I am having some issues with my acl setup.  I am running squid25 on
freebsd 5.3

From Squid.conf

I am using the default squid.conf file with these changes

auth_param basic program /usr/local/libexec/squid/pam_auth
auth_param basic realm This is my basic auth
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all

When I setup and run a browser it comes up with this:
2004/12/31 19:51:23| The request GET
http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0409&pver=6.0&ar=home
is DENIED, because it matched 'password'
2004/12/31 19:51:23| clientReadRequest: FD 18: no data to process ((35)
Resource temporarily unavailable)

Before I type a username and password in.  If I type the username and
password in, it denies it.  However, if I run pam_auth as squid at the
command line and type in the same username and password I get an OK.

Does anyone have an idea why this does not work?  If I remove the
proxy_auth stuff and change it to allow all, it works fine.

Please let me know,
Michael



[squid-users] ACL issues

2007-01-30 Thread Craig Van Tassle
I have been getting a lot of incorrect deny with my Squid system. I double
checked the ACL's that I am using and sites like belkin.com are not in any of my
acl's however they are still getting blocked. How would I go about
finding out what ACL is blocking access to these sites?

Thanks
Craig



Re: [squid-users] acl issues

2005-08-01 Thread trainier
What's your config look like?

Tim



Joe Acquisto <[EMAIL PROTECTED]>
08/01/2005 03:21 PM

To: squid-users@squid-cache.org
cc:
Subject: [squid-users] acl issues

Still chasing getting PC restrictions to work.

I just don't get it.  I have acl's defined, and I can see it checking 
them, in the cache.log.  However, it seems it is hosing up on  the IP 
check.  Always seems to be checking "127.0.0.1" instead of the actual 
connection's IP. 

Below is an example from the log:

2005/08/01 14:54:56| aclCheck: checking 'http_access allow JOESPC LETIN1'
2005/08/01 14:54:56| aclMatchAclList: checking JOESPC
2005/08/01 14:54:56| aclMatchAcl: checking 'acl JOESPC src 192.168.0.16'
2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' NOT found
2005/08/01 14:54:56| aclMatchAclList: returning 0

Why is aclMatchIp checking 127.0.0.1?  What am I missing?




Re: [squid-users] acl issues

2005-08-01 Thread Joe Acquisto
Should I post it here?

joea

>>> <[EMAIL PROTECTED]> 8/1/05 4:02:57 PM >>>
What's your config look like?

Tim



Joe Acquisto <[EMAIL PROTECTED]>
08/01/2005 03:21 PM

To: squid-users@squid-cache.org
cc:
Subject: [squid-users] acl issues

Still chasing getting PC restrictions to work.

I just don't get it.  I have acl's defined, and I can see it checking 
them, in the cache.log.  However, it seems it is hosing up on  the IP 
check.  Always seems to be checking "127.0.0.1" instead of the actual 
connection's IP. 

Below is an example from the log:

2005/08/01 14:54:56| aclCheck: checking 'http_access allow JOESPC LETIN1'
2005/08/01 14:54:56| aclMatchAclList: checking JOESPC
2005/08/01 14:54:56| aclMatchAcl: checking 'acl JOESPC src 192.168.0.16'
2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' NOT found
2005/08/01 14:54:56| aclMatchAclList: returning 0

Why is aclMatchIp checking 127.0.0.1?  What am I missing?




Re: [squid-users] Acl Issues

2005-01-02 Thread Henrik Nordstrom
On Fri, 31 Dec 2004 [EMAIL PROTECTED] wrote:

> When I setup and run a browser it comes up with this:
> 2004/12/31 19:51:23| The request GET
> http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0409&pver=6.0&ar=home
> is DENIED, because it matched 'password'
> 2004/12/31 19:51:23| clientReadRequest: FD 18: no data to process ((35)
> Resource temporarily unavailable)
> Before I type a username and password in.  If I type the username and
> password in, it denies it.  However, if I run pam_auth as squid at the
> command line and type in the same username and password I get an OK

I would recommend starting with a simpler authentication helper to verify 
your Squid configuration, such as the ncsa_auth helper.

The pam_auth helper approach has many gotchas depending on what backend 
database your PAM is set to connect to, and should be seen as a last 
resort method if there is no other method to connect to your user 
database.

Regards
Henrik


Re: [squid-users] ACL issues

2007-01-30 Thread Joao Ferreira
On Tue, 2007-01-30 at 11:40 -0600, Craig Van Tassle wrote:
> I have been getting a lot of incorrect deny with my Squid system. I double
> checked the ACL's that I am using and sites like belkin.com are not in any of
> my acl's however they are still getting blocked. How would I go about
> finding out what ACL is blocking access to these sites?

add this to your squid.conf:

[EMAIL PROTECTED]:~$ cat /etc/squid/squid.conf | grep "debug_options"
#debug_options ALL,1 33,2 28,9
debug_options ALL,1 33,2

then read your cache.log (maybe in /var/log/squid/). the uncommented
line will show you some information. the commented line will show you
detailed information on exactly what each ACL is returning

try this:
tail -f /var/log/squid/cache.log

as you make your requests

cheers
jmf

> 
> Thanks
> Craig
> 
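
Added example, not part of the original thread: a small Python parser that reads cache.log written with `debug_options ALL,1 33,2 28,9` and reports, for each request, which `http_access` lines were tried, what address Squid compared, and which ACL decided the verdict. The sample log is constructed from the excerpts quoted in this thread (the URL is a placeholder), and the line formats are assumed to match those excerpts.

```python
import re

# Constructed sample built from the cache.log excerpts quoted in this thread
# (debug_options ALL,1 33,2 28,9); wording may differ between Squid versions.
SAMPLE_LOG = """\
2005/08/01 14:54:56| aclCheck: checking 'http_access allow JOESPC LETIN1'
2005/08/01 14:54:56| aclMatchAclList: checking JOESPC
2005/08/01 14:54:56| aclMatchAcl: checking 'acl JOESPC src 192.168.0.16'
2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' NOT found
2005/08/01 14:54:56| aclMatchAclList: returning 0
2005/08/01 14:54:56| aclCheck: checking 'http_access deny all'
2005/08/01 14:54:56| aclMatchAclList: checking all
2005/08/01 14:54:56| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' found
2005/08/01 14:54:56| aclMatchAclList: returning 1
2005/08/01 14:54:56| The request GET http://www.example.com/ is DENIED, because it matched 'all'
"""

RULE = re.compile(r"aclCheck: checking '(http_access [^']+)'")
ACL_DEF = re.compile(r"aclMatchAcl: checking 'acl (\S+) (\S+) ([^']*)'")
IP_TEST = re.compile(r"aclMatchIp: '([^']+)'")
RETURNED = re.compile(r"aclMatchAclList: returning (\d)")
VERDICT = re.compile(r"The request (\S+) (\S+) is (ALLOWED|DENIED), because it matched '([^']+)'")

def explain(log_text):
    """One record per request verdict, with every http_access line tried before it."""
    verdicts, trail, rule = [], [], None
    for line in log_text.splitlines():
        if m := RULE.search(line):
            rule = {"rule": m.group(1), "tests": [], "matched": None}
            trail.append(rule)
        elif rule and (m := ACL_DEF.search(line)):
            rule["tests"].append({"acl": m.group(1), "type": m.group(2),
                                  "value": m.group(3), "seen": None})
        elif rule and rule["tests"] and (m := IP_TEST.search(line)):
            rule["tests"][-1]["seen"] = m.group(1)  # address Squid actually compared
        elif rule and (m := RETURNED.search(line)):
            rule["matched"] = m.group(1) == "1"
        elif m := VERDICT.search(line):
            verdicts.append({"method": m.group(1), "url": m.group(2),
                             "action": m.group(3), "acl": m.group(4), "trail": trail})
            trail, rule = [], None
    return verdicts

if __name__ == "__main__":
    for v in explain(SAMPLE_LOG):
        print(v["action"], v["url"], "matched", repr(v["acl"]))
        for r in v["trail"]:
            print("  ", r["rule"], "->", r["matched"], r["tests"])
```

On a busy proxy the section 28 lines of concurrent requests can interleave, so capture the log while replaying a single request.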



[squid-users] ACL issues of time

2004-09-28 Thread Rick G. Kilgore
Hello all,
	This problem feels like a time out setting but am unable to locate a 
solution.

Problem:
	If I set up a deny rule for a URL that some one has gone to the 
following happens:

	1. Anybody who has NOT been to this URL is denied out right.
	2. If they went to the site prior to the access rule it seems to take 
days for the rule to finally deny them.

How do I make the rules apply now?



Re: [squid-users] ACL issues of time

2004-09-28 Thread Andreas Pettersson
> 2. If they went to the site prior to the access rule it seems to take 
> days for the rule to finally deny them.

I assume you run -k reconfigure after changes to squid.conf.
Which version of squid are you running?

/Andreas



Re: [squid-users] ACL issues of time

2004-09-28 Thread Rick G. Kilgore
Sorry, should have given background.
	version 2.5 Stable6.  Yes this is after a -k reconfigure. have actually 
done a shut down of squid as well.

Andreas Pettersson wrote:
> > 2. If they went to the site prior to the access rule it seems to take 
> > days for the rule to finally deny them.
>
> I assume you run -k reconfigure after changes to squid.conf.
> Which version of squid are you running?
>
> /Andreas


Re: [squid-users] ACL issues of time

2004-09-28 Thread Andreas Pettersson
It might depend on the local browser cache.
Try a forced refresh (CTRL+F5 in Internet Explorer) of the page in question. If 
squid's "access denied" page turns up you know that the access rule is working.

/Andreas

> version 2.5 Stable6.  Yes this is after a -k reconfigure. have actually 
> done a shut down of squid as well.
> 
> Andreas Pettersson wrote:
> >>2. If they went to the site prior to the access rule it seems to take 
> >>days for the rule to finally deny them.
> > 
> > 
> > I assume you run -k reconfigure after changes to squid.conf.
> > Which version of squid are you running?
> > 
> > /Andreas



Re: [squid-users] ACL issues of time

2004-09-28 Thread Henrik Nordstrom
On Tue, 28 Sep 2004, Rick G. Kilgore wrote:

> 1. Anybody who has NOT been to this URL is denied out right.
> 2. If they went to the site prior to the access rule it seems to take 
> days for the rule to finally deny them.

Most likely the user has the page already cached in his local browser 
cache, and the browser is set to not verify the freshness of the page. In 
such case the browser simply loads the page from the local disk, not 
asking the proxy at all.

> How do I make the rules apply now?

The rules do apply now. The question is how to get rid of the content 
from all clients.

Regards
Henrik


Re: [squid-users] ACL issues of time

2004-09-28 Thread Andreas Pettersson
> The access list works fine if the person has not been to the site 
> previously. I do not have the power to sign on as the user and force a 
> refresh on the remote user in question.
> I thought that squid was the last word in accessing the site.

Squid HAS the last word in accessing sites, but only if the client request ever 
reaches Squid. If the client browser decides not to contact the proxy there's not much 
to do about it.

> Would clearing the cache on for the squid server or some thing along that path 
> work?

Try disabling (or set a less aggressive) browser caching. Clearing squid's own cache 
will not have the desired effect.

By the way, are you running the proxy in transparent mode, or are your clients aware 
of the proxy?

/Andreas



Re: [squid-users] ACL issues of time

2004-09-28 Thread Andreas Pettersson
> The clients have the address of the proxy defined in their explorer 
> settings.
> 
> I could remove all cache files the workstation, that would do the 
> job...yes?

Yes.

/Andreas