this is your cache-log right? in access log you should also have denies/allowed lines, right? first DENIED should be the authrequest (HTTP 407) from squid telling the browser to do a (digest) auth. then the browser answers this with the auth credentials. and squid sends the page again. don't know how digest works, but with ntlm auth you have two denied lines... markus >-----Ursprüngliche Nachricht----- >Von: Ralf Hildebrandt [mailto:Ralf.Hildebrandt@xxxxxxxxxx] >Gesendet: Dienstag, 20. November 2007 13:42 >An: squid-users@xxxxxxxxxxxxxxx >Betreff: Problem with AUTH > >I activated ACL debugging using: >debug_options ALL,1 33,2 > >Squid 2.6.16-1 logs: > >2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:32:52| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:07| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:22| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:40| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:40| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:41| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:52| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >According to my config, there are these lines referring to >"digestauthentifizierung" > ># grep -2 digestauthentifizierung squid.conf.WLAN ># Rest erlauben -- aber nur authorisiert! ># >acl digestauthentifizierung proxy_auth REQUIRED >http_access allow digestauthentifizierung >http_access allow CONNECT digestauthentifizierung > ># > >Why would the request be DENIED and ALLOWED at the same time? > >-- >_________________________________________________ > > Charite - Universitätsmedizin Berlin >_________________________________________________ > > Ralf Hildebrandt > i.A. Geschäftsbereich Informationsmanagement > Campus Benjamin Franklin > Hindenburgdamm 30 | Berlin > Tel. +49 30 450 570155 | Fax +49 30 450 570962 > Ralf.Hildebrandt@xxxxxxxxxx > http://www.charite.de > >----- End forwarded message ----- > >-- >Ralf Hildebrandt (i.A. des IT-Zentrums) >Ralf.Hildebrandt@xxxxxxxxxx >Charite - Universitätsmedizin Berlin Tel. +49 >(0)30-450 570-155 >Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 >(0)30-450 570-962 >IT-Zentrum Standort CBF send no mail to >plonk@xxxxxxxxxx >
