Lack of understanding ?

"Dmitry S. Makovey" <dmitry@xxxxxxxxxxxxx> · Fri, 31 Mar 2006 16:07:24 -0700

Here's my problem: I'm trying to troubleshoot my ACLs and I can't 
quite comprehend what's happening. According to log file it seems 
like squid is loosing client IP in the process of ACL evaluation. Log 
entries are below. Can somebody explain to me what's happening? 

squid.conf follows this excerpt from log file. On top of that - that's 
squid-2.5.STABLE3-6.3E.16 on redhat AS3.

<log>
2006/03/31 15:58:44| aclCheckFast: list: 0x86bb2f8
2006/03/31 15:58:44| aclMatchAclList: checking all
2006/03/31 15:58:44| aclMatchAcl: checking 'acl all src 
1.1.1.1/255.255.255.255'
2006/03/31 15:58:44| aclMatchIp: '192.168.1.6' NOT found
2006/03/31 15:58:44| aclMatchAclList: no match, returning 0
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: (nil)
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 1
2006/03/31 15:58:44| aclCheckFast: list: 0x86bb3f0
2006/03/31 15:58:44| aclMatchAclList: checking clients
2006/03/31 15:58:44| aclMatchAcl: checking 'acl clients src 
192.168.1.0/255.255.255.0'
2006/03/31 15:58:44| aclMatchIp: '255.255.255.255' NOT found
2006/03/31 15:58:44| aclMatchAclList: no match, returning 0
2006/03/31 15:58:44| aclCheckFast: no matches, returning: 0
2006/03/31 15:58:44| aclCheckFast: list: 0x86bb468
2006/03/31 15:58:44| aclMatchAclList: checking all
2006/03/31 15:58:44| aclMatchAcl: checking 'acl all src 
1.1.1.1/255.255.255.255'
2006/03/31 15:58:44| aclMatchIp: '255.255.255.255' NOT found
</log>

<squid.conf>

http_port 3128
debug_options ALL,1 33,2 28,6

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 8 MB

cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB

minimum_object_size 0 KB

maximum_object_size_in_memory 16 KB

cache_dir ufs /var/spool/squid 100 16 256

log_mime_hdrs on

useragent_log /var/log/squid/useragent.log

referer_log /var/log/squid/referer.log

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl all src 1.1.1.1/255.255.255.255

acl clients src 192.168.1.0/255.255.255.0

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443          # http
acl Safe_ports port 80          # http
acl CONNECT_method method CONNECT

acl allowed_protocols proto HTTP

acl xml_content req_mime_type -i ^text/xml$
acl xml_content req_mime_type -i ^application/xml$
acl xml_content req_mime_type -i ^application/rdf+xml$
acl html_content req_mime_type -i ^text/html$
acl html_content req_mime_type -i ^text/xhtml$
acl HEAD_method method HEAD
acl GET_method method HEAD

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT_method !SSL_ports

http_access allow GET_method xml_content clients
http_access allow HEAD_method html_content clients

http_access deny to_localhost

http_access allow clients

http_access allow localhost
http_access deny !clients

http_reply_access allow clients
http_reply_access deny !clients

icp_access deny all

miss_access allow clients
miss_access deny all

reply_header_max_size 8 KB

request_body_max_size 4 KB
reply_body_max_size 8 allow clients
reply_body_max_size 0 deny all

strip_query_terms off

coredump_dir /var/spool/squid
</squid.conf>

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
Attachment:
pgpbdqx1sDW8g.pgp

Description: PGP signature