Re: [squid-users] TCP_MISS/000 FTP

Wed, 03 Mar 2010 03:16:38 -0800 

Dawie Pretorius wrote:
Hello 
Getting this error "1267609425.628    270 172.16.8.105 TCP_MISS/000 0 GET 
ftp://XX.XX.XX.XX/ - DIRECT/XX.XX.XX.XX - and a black page on my web browser on when 
accessing this ftp site.

When using no proxy FTP site ask for authentication?
Squid older than 3.1 were somewhat restricted in their use of auth with FTP. They would not pass back the headers to trigger HTTP auth properly and required the user/pass to be in the URL.
Your config shows signs of being in an older Squid, so the fix will be either using 3.1 or adding the credentials to the FTP URLs. 


Here is my squid.conf:

http_port 0.0.0.0:51313
cache_peer ZATBIMPROXY02 sibling 3128 0 default login=PASS
persistent_connection_after_error on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
Drop that QUERY stuff to improve your dynamic objects caching. A large portion seem to be cacheable now. 


cache_mem 50 MB
maximum_object_size 20 MB
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log


Not useful for much beyond debugging:
  cache_store_log none


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440


Missing right here:
  refresh_pattern -i (/cgi-bin/|\?)  0 0% 0


refresh_pattern .               0       20%     4320
half_closed_clients off
acl manager proto cache_object
acl localnet src XX.XX.XX.XX/12
acl localhost src 127.0.0.1/255.255.255.255


acl localhost src 127.0.0.1


acl to_localhost dst 127.0.0.0/8


acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

<snip>

http_access deny CONNECT !SSL_ports
acl cape_town src XX.XX.XX.XX/255.255.254.0


acl cape_town src XX.XX.XX.XX/23


http_access allow cape_town
acl our_networks src XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.254.0 
XX.XX.XX.XX/255.255.255.0


acl our_networks src XX.XX.XX.XX/23 XX.XX.XX.XX/23 XX.XX.XX.XX/24


http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_mgr hb...@healthbridge.co.za
visible_hostname ZATBIMPROXY01
deny_info ERR_ACCESS_DENIED blacklist
deny_info ERR_ACCESS_DENIED denyfiletypes
ACCESS_DENIED is the default page sent on "http_access deny". There is no need to specify it explicitly like that.
This FTP does ask for authentication and you cannot login anonymously. Is this something that I have in my squid.conf or does not have in my squid.conf? 



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
  Current Beta Squid 3.1.0.17

Reply via email to