I have a piece of software called POS-systems for credit card authorization. It has been working fine until last week. It tends to coincide when I added another rule to the squid.conf file. I have commented the rule out, but still having the same problem. When I try to authorize a transaction I get a 40002 error message, looking it up on the POS-systems website, this is a tcp/ip connection issue. After working with them and finding the software setup properly, I looked at my access.log file to see what was going on. Here is what I see: ------------------------- 1140552332.683 2 172.16.12.219 TCP_DENIED/407 1729 CONNECT ssl.pgs.wcom.net:443 - NONE/- text/html ---------------------------- Normally I would expect to see at least 4 lines in a row with this information because I am using NTLM and basic authentication. When I open a browser, I can nagivate to this https://ssl.pgs.wcom.net. The ports that are required to be open and bi-directional are 443, 563, and 2112. Here is what I have in my squid.conf: ----snip----- acl SSL_ports port 443 acl SSL_ports port 563 acl SSL_ports port 1433 acl SSL_ports port 2112 acl SSL_ports port 3389 -----snip------ -----snip------- acl Safe_ports port 280 acl Safe_ports port 443 acl Safe_ports port 488 acl Safe_ports port 563 acl Safe_ports port 591 acl Safe_ports port 777 acl Safe_ports port 1203 acl Safe_ports port 1205 acl Safe_ports port 1433 acl Safe_ports port 2112 acl Safe_ports port 3389 --------snip------- I have added .wcom.net in the list below, and have added to my openaccesswhitelist.txt, openaccesswhiltelistipaddr.txt, whiteipaddr.txt, whitelist.txt acl DoNotCacheWebSites dstdomain "/etc/squid/rules/donotcachewebsites.txt" acl Freemarkets dstdomain .freemarkets.com acl MyTextron dstdomain .mytextron.com acl WComNet dstdomain .wcom.net acl Corrlink dstdomain .weyerhaeuser.com acl SchwabPlan dstdomain .schwabplan.com acl LindWaldock dstdomain .lind-waldock.com acl BrownListWebsites dstdomain "/etc/squid/rules/brownlist.txt" acl BlackListWebsites dstdomain "/etc/squid/rules/blacklist.txt" acl BlackListIpAddresses dst "/etc/squid/rules/blacklistipaddr.txt" acl BlackListIpAddress1 dst 64.73.35.120 acl OpenAccessWhiteListWebsites dstdomain "/etc/squid/rules/openaccesswhitelist.txt" acl OpenAccessWhiteListIpAddresses dst "/etc/squid/rules/openaccesswhitelistipaddr.txt" acl WhiteListWebsites dstdomain "/etc/squid/rules/whitelist.txt" acl WhiteListIPAddresses dst "/etc/squid/rules/whiteipaddr.txt" acl AuthLimitedUsers proxy_auth REQUIRED acl AuthPowerUsers proxy_auth "/etc/squid/rules/powerusers.txt" acl AuthIPAddresses src "/etc/squid/rules/poweripaddresses.txt" acl AuthSafeAccessUsers proxy_auth "/etc/squid/rules/users.txt" acl OverRideBrownListUsers proxy_auth "/etc/squid/rules/ovrdbrownlist.txt" acl AdultBlackListWebsites dstdomain "/etc/squid/rules/adultblacklist.txt" http_access allow manager our_networks http_access allow WhiteListWebsites AuthLimitedUsers http_access allow WhiteListIPAddresses AuthLimitedUsers http_access allow all OpenAccessWhiteListWebsites http_access allow all OpenAccessWhiteListIpAddresses http_access deny all AdultBlackListWebsites http_access allow all Freemarkets http_access allow all MyTextron http_access allow all Corrlink http_access allow all SchwabPlan http_access allow all WcomNet http_access allow all LindWaldock http_access allow all AuthPowerUsers http_access allow all AuthIPAddresses http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access deny !our_networks http_access allow BrownListWebsites OverRideBrownListUsers http_access deny all BrownListWebsites http_access deny all BlackListWebsites http_access deny all BlackListIpAddresses http_access deny all BlackListIpAddress1 http_access allow all AuthSafeAccessUsers http_access deny all
