On 12/28/05, Nolan Rumble <nmr@xxxxxxxxx> wrote: > <snip> > > acl all src 0.0.0.0/0.0.0.0 > deny_info CUSTOM_ALL all > > # LOTS OF ACL NOT BEING USED HAVE BEEN CUT... > > acl local-net src 10.0.0.0/255.255.0.0 > deny_info CUSTOM_LOCAL_NET local-net > > http_access allow local-net > > <snip> > > Have you tried just testing the acl src by just having httpd_access > allow src to see what happens? No I have not. I think I'm going to go one step further by doing a "http_access allow" with no acl (just for testing - the firewall will keep outsiders out). > What might also be a problem is if your acl local-net doesn't have the > same subnet mask as the one that your clients are being assigned > statically or via dhcp? Same DHCP server we have been running for over a year. All systems fit the "10.0.0.0/255.255.0.0" range. > When you say squid doesn't respond, does it return any error messages to > the client's browser? I should have mentioned this, sorry. Users see a "Page could not be displayed error 401" Or in other words an "401 Unauthorized". It doesn't make any sense to me. The rules don't point to that and access.log shows nothing for that hit. > Does it happen when websites with dynamic content > are accessed (http://yourwebsite.com/index.php?id=8), or with static > websites (http://yourwebsite.com/link.htm) All sites - static and dynamic. > Nolan Thanks for the input! -- Gabriel Gunderson http://gundy.org
