Hi Henrik I solved my problem....it was related to the following acl: acl bad_word_content_type url_regex -i sesso culo culi tette nudo nuda seno seni pene cazzo cazzi teen figa streaming tvgratis However...In order to solve this problem I was forced to disable acl per acl because increasing debug_option didn't help me; thus I would like to ask you a tips related to the log handling (I think also it could be useful for stupid people like me....) I'll briefly try to explain: 1) visiting www.comune.milano.it the user/credential pop-up was shown to me I tried to increase debug_option but it didn't help me because log was confused ------------------cache.log--------------- 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6UYCMU/$file/expo_banner.jpg is ALLOWED, because it matched 'DomainUsers' 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif is ALLOWED, because it matched 'DomainUsers' 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is DENIED, because it matched 'autorizzati' 2006/11/16 15:20:32| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is ALLOWED, because it matched 'autorizzati' it matched 'all' 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif is ALLOWED, because it matched 'DomainUsers' 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/home/images/head_bar.gif is ALLOWED, because it matched 'DomainUsers' 2006/11/16 15:20:32| The reply for GET http://www.comune.milano.it/home/images/head_bar.gif is ALLOWED, because it matched 'all' 2006/11/16 15:20:32| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is DENIED, because it matched 'autorizzati' 2006/11/16 15:20:32| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is ALLOWED, because it matched 'autorizzati' ...... ------------------cache.log--------------- My squid.conf is: acl bad_word_content_type url_regex -i sesso culo culi tette nudo nuda seno seni pene cazzo cazzi teen figa streaming tvgratis acl porn dstdomain "c:/squid/block/pornblock.txt" acl ftpblock url_regex -i \.exe$ \.mp3$ \.asx$ \.avi$ \.mpeg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.aif$ .\wma$ .\wmv$ http_access deny Proxy_Internet_Ts !trustedsites http_access allow enabled http_access deny porn !Proxy_All_Open deny_info ERR_PORN_ACCESS_DENIED porn #http_access deny bad_word_content_type !Proxy_ftp_porn_block_yes !Proxy_All_Open (DISABLED TODAY) deny_info ERR_PORN_ACCESS_DENIED bad_word_content_type http_access deny msnmessenger !Proxy_Messengers_yes !Proxy_All_Open http_access deny msnweb !Proxy_Messengers_yes !Proxy_All_Open http_access deny msnit !Proxy_Messengers_yes !Proxy_All_Open http_access deny BadDest !Proxy_Messengers_yes !Proxy_All_Open http_access deny rs_deny !rs_allowed http_access deny ftpblock !Proxy_ftp_porn_block_yes !Proxy_All_Open http_access allow autorizzati DomainUsers http_access deny all Finally...the question is: In my opinion the best and simply way to debug should be to append the name of acl in access.log as shown: ----------access.log---------- 1163682256.166 125 172.16.100.95 TCP_MISS/302 370 GET http://www.comune.milano.it/ smmi\castols DIRECT/217.31.113.35 - 1163682256.885 0 172.16.100.95 TCP_DENIED/407 2012 GET http://www.comune.milano.it/webcity/portale/homepage.nsf/index.htm? - NONE/- text/html !!!ACLNAME!!! ----------access.log---------- Is it possible? I didn't find the way. Thanks Marco Italy -----Messaggio originale----- Da: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Inviato: mercoledì 15 novembre 2006 22.26 A: Reale Marco Cc: squid-users@xxxxxxxxxxxxxxx Oggetto: Re: R: Re: [squid-users] Squid: What is wrong in myacl???? ons 2006-11-15 klockan 15:07 +0100 skrev Reale Marco: > The problem is that sometimes (AND APPARENTLY WITHOUT REASON) > authentication pop-up appears even though url currently I'm browsing > is not wrote in pornsite.txt Are you using NTLM authentication? > 1) User open without problem url: www.somesite.com/homepage.aspx and while he is browsing, authentication popup appears. > 2) I NOTICED THAT PRESSING CANCEL BUTTON, USER WAS ABLE TO CONTINUE BROWSING!!! Thus...I suspected that some object (a banner, a pop-up etc...) was blocked in fact....ENTERING MY CREDENTIALS (I'm in a group with full access) a pop-up with a banner was shown. Could also be some embedded object in the page which was denied, such as an ad or similar. > 3) THUS....AND FINALLY....ANALYZING LOG FILE I SAW entries like this: > 172.16.100.136 TCP_DENIED/407 2181 GET http://secure-it.imrworldwide.com/cgi-bin/m? > TCP_DENIED/407 2349 GET > http://ad.it.doubleclick.net/adj/select.secondamano.it/homepage_rectan > gle;sz=300x250;ord=1238394311? - NONE/- text/html > > http://ad.it.doubleclick.net/adj/select.secondamano.it/homepage_rectangle is the pop-up!!! > This problem is driving me crazy and the only solution I founded is to disable "pornsite" acl even though It isn't a solution.... You could try the FAQ "I set up my access controls, but they don't work! why?" <url:http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-57ab8844e9060937c4a654e1aa7568f87cb25aef> maybe it shows some light into the problem. Regards Henrik
