> > I set this up as you suggested, then triggered a 407 response from the > cache. It seems that way; I couldn't see aclMatchHTTPStatus or http- > response-407 in the log: > > > > Strange. I was sure Alex did some tests recently and proved that even > internally generated responses get http_reply_access applied to them. > Yet no sign of that in your log. > > Is this a very old Squid version?
It's a recent Squid version - 3.5.20 on CentOS 6, built from the SRPM kindly provided by Eliezer. > Or are the "checking http_reply_access" lines just later in the log than > your snippet covered? There was nothing more in the log previously posted at the point the 407 response was returned to the client. That log did have a lot of other stuff in it though. Using a much simpler squid.conf (attached), I tested for differences in authenticated vs unauthenticated requests, when "http_reply_access deny all" is in place. When credentials are supplied, a http/403 (forbidden) response is provided, as you would expect. But when credentials are not supplied, a http/407 response is provided. The divergence seems to start around line 31 in cache_noauth.log: Checklist.cc(63) markFinished: 0x331e4a8 answer AUTH_REQUIRED for AuthenticateAcl exception Perhaps when answer=AUTH_REQUIRED (line 35), http_reply_access is not checked? Another difference is that Acl.cc(158) reports async when an authenticated request is in place, but not otherwise. If someone could give me some pointers where to look in the source, I can start digging to see if I can find out more. Luke
cache_auth.log
Description: Binary data
cache_noauth.log
Description: Binary data
squid.conf
Description: Binary data
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
