Afternoon everyone, I have a small problem. I've got a user who needs to access a website, and when he goes there he occasionally gets an Access Denied error. Looking in the logs, I see the following: 10.150.6.53 - hoffmand [04/Feb/2008:13:53:33 -0500] "GET http://buymtdonline.arinet.com/EW54MTD/MTDC/Include/cfgCustom.js HTTP/1.0" 200 13276 TCP_MISS:DIRECT 10.150.6.53 - (hoffmand) - [04/Feb/2008:13:53:33 -0500] "GET http://buymtdonline.arinet.com/scripts/EmpartISAPI.dll? HTTP/1.0" 403 1403 TCP_DENIED:NONE 10.150.6.53 - hoffmand [04/Feb/2008:13:53:33 -0500] "GET http://buymtdonline.arinet.com/scripts/EmpartISAPI.dll? HTTP/1.0" 200 4908 TCP_MISS:DIRECT Note: In the second line I added the (hoffmand) because it's obviously his traffic, just not marked as such. Now, for the fun stuff. We use AD for our authentication source and that works great. I've also looked through our deny statements in squid.conf, of which there are only 3 and here they are: 1) Blocking based on url. The blocked entries are all like myspace.com, facebook.com, 2girls1cup.com, etc... 2) Blocking based on streaming media. These entries are like .avi, .mov, .wmv, etc. 3) Blocking if Active Directory authentication failed. Any thoughts on what this might be just looking at it? Obviously I'm sure you guys need more, but any help you can give me in starting to track down the why would be awesome. Thanks
