Fw: [squid-users] Access denied

Stefan.Vogel@xxxxxxxxx · Thu, 12 May 2005 13:24:54 +0200

Hello,

has my last message reach you?

Any more ideas where I can search for a soloution?

Regards
Stefan Vogel

----- Forwarded by Stefan Vogel/nu/eu/au/cag on 12.05.2005 13:23 -----

             Stefan.Vogel@temi                                             
             c.com                                                         
                                                                        To 
             10.05.2005 16:38          Henrik Nordstrom                    
                                       <hno@xxxxxxxxxxxxxxx>               
                                                                        cc 
                                       Henrik Nordstrom                    
                                       <hno@xxxxxxxxxxxxxxx>,              
                                       squid-users@xxxxxxxxxxxxxxx         
                                                                   Subject 
                                       Re: [squid-users] Access denied     

Hello,

the ACL all is defined like

acl all src 0.0.0.0/0.0.0.0

I have never changed anything with this ACL.

What is funny, is that we have to Squidboxes, that are both configured the
same, and only one has this problem. (And 3 weeks ago both were fine...)

Regards
Stefan

             Henrik Nordstrom
             <hno@squid-cache.
             org>                                                       To
                                       Stefan.Vogel@xxxxxxxxx
             10.05.2005 14:24                                           cc
                                       Henrik Nordstrom
                                       <hno@xxxxxxxxxxxxxxx>,
                                       squid-users@xxxxxxxxxxxxxxx
                                                                   Subject
                                       Re: [squid-users] Access denied

On Tue, 10 May 2005 Stefan.Vogel@xxxxxxxxx wrote:

> Hello,
>
> I tried and get this in access.log
> 172.25.9.90 - - [10/May/2005:11:55:34 +0200] "GET http://www.heise.de/
> HTTP/1.1" 407 1802 TCP_DENIED:NONE
> 172.25.9.90 - vogels [10/May/2005:11:55:41 +0200] "GET
http://www.heise.de/
> HTTP/1.1" 403 1381 TCP_DENIED:NONE
>
> and this in cache.log
> 2005/05/10 11:55:34| The request GET http://www.heise.de/ is DENIED,
> because it matched 'inet_users'
> 2005/05/10 11:55:34| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
> 2005/05/10 11:55:41| The request GET http://www.heise.de/ is DENIED,
> because it matched 'all'
> 2005/05/10 11:55:41| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
>
> in squid.conf I have
> ....
> http_access allow inet_users
> ...
> http_access deny all
> ...
>
> the acl inet_users is the ldap-group-helper, and of course I am in that
> group.
>
> I don't understand why there is ALLOWED because it matches ALL...

Don't worry, its the http_reply_access check (hinted by "The reply for
...." in the debug message)

More interesting is the "The request GET http://www.heise.de/ is DENIED,"
line.. how is the acl "all" defined in your config?

Regards
Henrik