I learned to always backup my squid.conf prior to making any changes.
:-)
----- Original Message -----
From: "Casey King" <cking@xxxxxxxxxxx>
To: "'Mark Elsen'" <mark.elsen@xxxxxxxxx>
Cc: "'Squid Mailing List'" <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, February 22, 2006 10:56 AM
Subject: RE: Cannot authorize payment
The rule that I added was the http_access deny all
AdultBlackListWebsites.
Here is an update. And yes, this is a temporary fix, as I can tell from
Chris Robertson's reply, and through working this issue, that I need to
make
some changes in my conf file. I moved my "http_access allow all
WcomNet"
rule to the top, and now the accounting department is able to authorize
payments. So I have a lot of work on my hands to reorganize and tighten
up
this conf file. As for your questions Chris, all I can say right now,
is
that I am still on a learning curve, and I thank you for all your
suggestions, and trust me...over the next couple of days, I will be
wrapped
up in this.
http_access allow manager our_networks
#http_access allow all open_for_ip_address
http_access allow all WcomNet
http_access allow WhiteListWebsites AuthLimitedUsers
http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access allow all OpenAccessWhiteListWebsites
http_access allow all OpenAccessWhiteListIpAddresses
http_access deny all AdultBlackListWebsites
http_access allow all Freemarkets
http_access allow all MyTextron
http_access allow all Corrlink
http_access allow all SchwabPlan
#http_access allow all WcomNet
http_access allow all LindWaldock
http_access allow all AuthPowerUsers
http_access allow all AuthIPAddresses
#http_access allow all OpenAccessWhiteListWebsites
#http_access allow all OpenAccessWhiteListIpAddresses
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow BrownListWebsites OverRideBrownListUsers
http_access deny all BrownListWebsites
http_access deny all BlackListWebsites
http_access deny all BlackListIpAddresses
http_access deny all BlackListIpAddress1
http_access allow all AuthSafeAccessUsers
#http_access allow WhiteListWebsites AuthLimitedUsers
#http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access deny all
-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@xxxxxxxxx]
Sent: Tuesday, February 21, 2006 3:17 PM
To: Casey King
Cc: Squid Mailing List
Subject: Re: Cannot authorize payment
I have a piece of software called POS-systems for credit card
authorization. It has been working fine until last week. It tends to
coincide when I added another rule to the squid.conf file.
Which rule are you talking about ?
I have commented the rule out, but
still having the same problem.
When I try to authorize a transaction I get a 40002 error message,
looking it up on the POS-systems website, this is a tcp/ip connection
issue. After working with them and finding the software setup
properly, I looked at my access.log file to see what was going on.
Here is what I see:
-------------------------
1140552332.683 2 172.16.12.219 TCP_DENIED/407 1729 CONNECT
ssl.pgs.wcom.net:443 - NONE/- text/html
----------------------------
Normally I would expect to see at least 4 lines in a row with this
information because I am using NTLM and basic authentication. When I
open a browser, I can nagivate to this https://ssl.pgs.wcom.net. The
ports that are required to be open and bi-directional are 443, 563,
and 2112. Here is what I have in my squid.conf:
...
Perhaps the POS client does not support NTLM auth ?
M.
