http://192.168.1.1/wpad.dat IE6 -------------- Original message ---------------------- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx> > > Amos, > > > > While I appreciate the input on my config file, do you see anything that > > would cause it to give me these errors? > > > > Here is my wpad.dat: > > > > function FindProxyForURL(url,host) { > > return "PROXY 192.168.1.1:3128"; > > } > > Okay. That makes it a problem with the request the browser is sending. > > What are you typing into the address bar to get the error? > Which browser? > > Amos > > > > > Here is what I see in the logs: > > > > 1205192406.411 0 192.168.1.99 TCP_DENIED/400 1683 GET > > error:invalid-request - NONE/- text/html [] [HTTP/1.0 400 Bad > > Request\r\nServer: squid\r\nDate: Mon, 10 Mar 2008 23:40:06 > > GMT\r\nContent-Type: text/html\r\nContent-Length: 1370\r\nExpires: Mon, 10 > > Mar 2008 23:40:06 GMT\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\n\r] > > 1205192406.415 0 192.168.1.99 TCP_DENIED/400 1811 GET > > error:invalid-request - NONE/- text/html [] [HTTP/1.0 400 Bad > > Request\r\nServer: squid\r\nDate: Mon, 10 Mar 2008 23:40:06 > > GMT\r\nContent-Type: text/html\r\nContent-Length: 1498\r\nExpires: Mon, 10 > > Mar 2008 23:40:06 GMT\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\n\r] > > > > -------------- Original message ---------------------- > > From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > >> ffredrixson@xxxxxxxxxxx wrote: > >> > I have squid 2.6stable18 on a debian sarge box in non-transparent > >> mode. I also > >> > have apache web server setup on this box and it works fine - when the > >> browser > >> is > >> > pre-configured for the proxy. > >> > > >> > I have some people come in and use their laptops from time to time so > >> I need a > >> > way to automatically direct them to the proxy server. I've read about > >> wpad.dat > >> > and proxy.pac and tried setting that up but I always get the > >> TCP_DENIED/400 > >> > error:invalid-request in the access.log. > >> > > >> > When I pre-configure the browser for the proxy, the wpad.dat page > >> shows me the > >> > javascript which from what I've read is what it's supposed to do when > >> I put > >> the > >> > URL in the address bar: http://192.168.1.1/wpad.dat. > >> > > >> > When I configure the browser to use a automatic configuration script > >> with that > >> > URL, I get the TCP_DENIED/400 errors again. > >> > > >> > I must be missing something, but I've read everything I could find. Is > >> it an > >> acl > >> > that I'm missing? > >> > >> Probably a WPAD-DNS / WPAD-DHCP muckup or something in the .PAC itself. > >> > >> > > >> > Can someone please help me out? > >> > > >> > Thank you in advance. > >> > > >> > Here is my squid.conf: > >> > > >> > memory_pools off > >> > httpd_suppress_version_string on > >> > cache_effective_user squid > >> > cache_effective_group squid > >> > >> Better leave the group voodoo to the kernel. Setup the user/group on the > >> OS properly and its not needed in squid.conf. effective_user is okay if > >> its not built properly by the package maintainer (But it should be!). > >> > >> > http_port 3128 > >> > > >> > cache_access_log /usr/local/squid/var/logs/access.log > >> > >> Thats now: access_log ... > >> > >> > cache_log /usr/local/squid/var/logs/cache.log > >> > mime_table /usr/local/squid/etc/mime.conf > >> > log_mime_hdrs on > >> > useragent_log /usr/local/squid/var/logs/useragent.log > >> > > >> > url_rewrite_program /usr/local/squid/bin/ufdbgclient -l > >> > /usr/local/squid/var/logs > >> > url_rewrite_children 16 > >> > > >> > #ACL's > >> > acl all src 0/0 > >> > >> Make this: acl all src all > >> > >> > no_cache deny all > >> > >> Make this: cache deny all > >> (or if you want things cached and bandwidth savings, remove it) > >> > >> > acl internal_net src 192.168.1.0/24 > >> > > >> > acl ok_downloads dstdomain "/var/domains.txt" > >> > > >> > acl SSL_ports port 443 > >> > acl CONNECT method CONNECT > >> > > >> > http_access allow internal_net > >> > >> None of the other http_access will ever match after that line! > >> > >> > http_access allow ok_downloads internal_net ! > >> > > >> > http_reply_access allow internal_net ok_downloads > >> > >> Why do this restrictive allow when the next line is a duplicate but more > >> friendly one? > >> Better to just allow all replies. Remember Error pages and Access Denied > >> etc are replies! > >> > >> > http_reply_access allow internal_net > >> > >> And ok. Good finish. > >> > >> > http_access deny all > >> > >> Amos > >> -- > >> Please use Squid 2.6STABLE17+ or 3.0STABLE1+ > >> There are serious security advisories out on all earlier releases. > > > > > >
