Hello,
the ACL all is defined like
acl all src 0.0.0.0/0.0.0.0
I have never changed anything with this ACL.
What is funny, is that we have to Squidboxes, that are both configured the
same, and only one has this problem. (And 3 weeks ago both were fine...)
Regards
Stefan
Henrik Nordstrom
<hno@squid-cache.
org> To
Stefan.Vogel@xxxxxxxxx
10.05.2005 14:24 cc
Henrik Nordstrom
<hno@xxxxxxxxxxxxxxx>,
squid-users@xxxxxxxxxxxxxxx
Subject
Re: [squid-users] Access denied
On Tue, 10 May 2005 Stefan.Vogel@xxxxxxxxx wrote:
> Hello,
>
> I tried and get this in access.log
> 172.25.9.90 - - [10/May/2005:11:55:34 +0200] "GET http://www.heise.de/
> HTTP/1.1" 407 1802 TCP_DENIED:NONE
> 172.25.9.90 - vogels [10/May/2005:11:55:41 +0200] "GET
http://www.heise.de/
> HTTP/1.1" 403 1381 TCP_DENIED:NONE
>
> and this in cache.log
> 2005/05/10 11:55:34| The request GET http://www.heise.de/ is DENIED,
> because it matched 'inet_users'
> 2005/05/10 11:55:34| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
> 2005/05/10 11:55:41| The request GET http://www.heise.de/ is DENIED,
> because it matched 'all'
> 2005/05/10 11:55:41| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
>
> in squid.conf I have
> ....
> http_access allow inet_users
> ...
> http_access deny all
> ...
>
> the acl inet_users is the ldap-group-helper, and of course I am in that
> group.
>
> I don't understand why there is ALLOWED because it matches ALL...
Don't worry, its the http_reply_access check (hinted by "The reply for
...." in the debug message)
More interesting is the "The request GET http://www.heise.de/ is DENIED,"
line.. how is the acl "all" defined in your config?
Regards
Henrik
