Hello, the ACL all is defined like acl all src 0.0.0.0/0.0.0.0 I have never changed anything with this ACL. What is funny, is that we have to Squidboxes, that are both configured the same, and only one has this problem. (And 3 weeks ago both were fine...) Regards Stefan Henrik Nordstrom <hno@squid-cache. org> To Stefan.Vogel@xxxxxxxxx 10.05.2005 14:24 cc Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx Subject Re: [squid-users] Access denied On Tue, 10 May 2005 Stefan.Vogel@xxxxxxxxx wrote: > Hello, > > I tried and get this in access.log > 172.25.9.90 - - [10/May/2005:11:55:34 +0200] "GET http://www.heise.de/ > HTTP/1.1" 407 1802 TCP_DENIED:NONE > 172.25.9.90 - vogels [10/May/2005:11:55:41 +0200] "GET http://www.heise.de/ > HTTP/1.1" 403 1381 TCP_DENIED:NONE > > and this in cache.log > 2005/05/10 11:55:34| The request GET http://www.heise.de/ is DENIED, > because it matched 'inet_users' > 2005/05/10 11:55:34| The reply for GET http://www.heise.de/ is ALLOWED, > because it matched 'all' > 2005/05/10 11:55:41| The request GET http://www.heise.de/ is DENIED, > because it matched 'all' > 2005/05/10 11:55:41| The reply for GET http://www.heise.de/ is ALLOWED, > because it matched 'all' > > in squid.conf I have > .... > http_access allow inet_users > ... > http_access deny all > ... > > the acl inet_users is the ldap-group-helper, and of course I am in that > group. > > I don't understand why there is ALLOWED because it matches ALL... Don't worry, its the http_reply_access check (hinted by "The reply for ...." in the debug message) More interesting is the "The request GET http://www.heise.de/ is DENIED," line.. how is the acl "all" defined in your config? Regards Henrik