Hi,

we have a little problem here with the Squid above. We have:

snip

acl NETZ_i001 src "/opt/squid-3.0.STABLE7/etc/acl/netz_001"

#
# User ACLs
#

#
# default Profile
acl USER_sehr_hoch proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_sehr_hoch"
acl USER_hoch proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_hoch"
acl USER_mittel proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_mittel"
acl USER_niedrig proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_niedrig"
acl USER_sehr_niedrig proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_sehr_niedrig"

icap_service res_default respmod_precache 0 icap://localhost:1344/wwrespmod?profile=default

# Default Request-Profile
icap_service req_default reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=default
icap_service req_hoch reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=hoch
icap_service req_mittel reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=mittel
icap_service req_niedrig reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=niedrig
icap_service req_sehr_hoch reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=sehr_hoch
icap_service req_sehr_niedrig reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=sehr_niedrig

# ICAP classes for the default profile
icap_class icap_default res_default
############################
icap_class icap_req_default req_default
icap_class icap_001netz req_default
icap_class icap_sehr_hoch req_sehr_hoch
icap_class icap_hoch req_hoch
icap_class icap_mittel req_mittel
icap_class icap_niedrig req_niedrig
icap_class icap_sehr_niedrig req_sehr_niedrig

# webwasher default Profile
icap_access icap_001netz deny !NETZ_i001
icap_access icap_sehr_hoch deny !USER_sehr_hoch
icap_access icap_hoch deny !USER_hoch
icap_access icap_mittel deny !USER_mittel
icap_access icap_niedrig deny !USER_niedrig
icap_access icap_sehr_niedrig deny !USER_sehr_niedrig
icap_access icap_default allow all

end. squid config.

If there is an IP accessing Squid which is not listed in NETZ_001, without user authentication, the client has to go to the last line for ICAP response mode access. This works in 2.5.STABLE12. Now it matches in the second icap_access line for reqmod_profile icap_sehr_hoch too:

2008/07/01 13:09:55.099| ICAPAccessCheckCallbackWrapper matchedClass = icap_req_default
2008/07/01 13:09:55.099| ACLChecklist::preCheck: 0x87c0980 checking 'icap_access icap_001netz deny !NETZ_i001'
2008/07/01 13:09:55.099| ACLList::matches: checking !NETZ_i001
2008/07/01 13:09:55.099| ACL::checklistMatches: checking 'NETZ_i001'
2008/07/01 13:09:55.099| aclMatchIp: 'XX.XX.XX.XX' NOT found
2008/07/01 13:09:55.099| ACL::ChecklistMatches: result for 'NETZ_i001' is 0
2008/07/01 13:09:55.099| ACLList::matches: result is true
2008/07/01 13:09:55.099| aclmatchAclList: 0x87c0980 returning true (AND list satisfied)
2008/07/01 13:09:55.099| ACLChecklist::markFinished: 0x87c0980 checklist processing finished
2008/07/01 13:09:55.099| ACLChecklist::check: 0x87c0980 match found, calling back with 0
2008/07/01 13:09:55.099| ACLChecklist::checkCallback: 0x87c0980 answer=0
2008/07/01 13:09:55.099| ICAPAccessCheckCallbackWrapper: answer=0
2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper matchedClass = icap_001netz
2008/07/01 13:09:55.100| ACLChecklist::preCheck: 0x87c0aa8 checking 'icap_access icap_sehr_hoch deny !USER_sehr_hoch'
2008/07/01 13:09:55.100| ACLList::matches: checking !USER_sehr_hoch
2008/07/01 13:09:55.100| ACL::checklistMatches: checking 'USER_sehr_hoch'
2008/07/01 13:09:55.100| aclMatchAcl: returning 0 sending authentication challenge.
2008/07/01 13:09:55.100| ACL::ChecklistMatches: result for 'USER_sehr_hoch' is 0
2008/07/01 13:09:55.100| ACLList::matches: result is true
2008/07/01 13:09:55.100| aclmatchAclList: 0x87c0aa8 returning false (AND list entry failed to match)
2008/07/01 13:09:55.100| ACLChecklist::checkForAsync: requiring Proxy Auth header.
2008/07/01 13:09:55.100| ACLChecklist::markFinished: 0x87c0aa8 checklist processing finished
2008/07/01 13:09:55.100| aclmatchAclList: async=1 nodeMatched=1 async_in_progress=0 lastACLResult() = 1 finished() = 1
2008/07/01 13:09:55.100| ACLChecklist::check: 0x87c0aa8 match found, calling back with 2
2008/07/01 13:09:55.100| ACLChecklist::checkCallback: 0x87c0aa8 answer=2
2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper: answer=2
2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper matchedClass = icap_sehr_hoch
2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0aa8
2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0980
2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0a14
2008/07/01 13:09:55.112| ICAPAccessCheckCallbackEvent
2008/07/01 13:09:55.112| ICAPAccessCheck::do_callback
2008/07/01 13:09:55.112| ICAPAccessCheck::do_callback matchedClass = icap_sehr_hoch
2008/07/01 13:09:55.112| ICAP/ICAPConfig.cc(311) cannot skip an essential down service
2008/07/01 13:09:55.112| ICAP/ICAPConfig.cc(318) found first matching down-but-essential service in class icap_sehr_hoch: req_sehr_hoch
2008/07/01 13:09:55.112| ICAP/ICAPConfig.cc(265) do_callback: with service icap://localhost:1344/wwreqmod?profile=sehr_hoch
2008/07/01 13:09:55.112| client_side_request.cc(504) 0x87bc978 icapAclCheckDone called

Why?

JP
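
Added example, not part of the original message and not Squid code: a small Python parser that reduces a debug log like the one above to the icap_access rules evaluated, the answer each returned, and whether the ICAP class finally selected was picked on the authentication-challenge answer. The function names are hypothetical, and the sample is six lines abridged from the log in the post.

```python
import re

# Sample input: six lines abridged from the debug log quoted in the post.
SAMPLE_LOG = """\
2008/07/01 13:09:55.099| ACLChecklist::preCheck: 0x87c0980 checking 'icap_access icap_001netz deny !NETZ_i001'
2008/07/01 13:09:55.099| ACLChecklist::checkCallback: 0x87c0980 answer=0
2008/07/01 13:09:55.100| ACLChecklist::preCheck: 0x87c0aa8 checking 'icap_access icap_sehr_hoch deny !USER_sehr_hoch'
2008/07/01 13:09:55.100| ACLChecklist::checkForAsync: requiring Proxy Auth header.
2008/07/01 13:09:55.100| ACLChecklist::checkCallback: 0x87c0aa8 answer=2
2008/07/01 13:09:55.112| ICAPAccessCheck::do_callback matchedClass = icap_sehr_hoch
"""

PRECHECK = re.compile(r"ACLChecklist::preCheck: (0x[0-9a-f]+) checking "
                      r"'icap_access (\S+) (allow|deny) (.+)'")
CALLBACK = re.compile(r"ACLChecklist::checkCallback: (0x[0-9a-f]+) answer=(\d+)")
SELECTED = re.compile(r"ICAPAccessCheck::do_callback matchedClass = (\S+)")
AUTH_MARK = "checkForAsync: requiring Proxy Auth header"

def parse_checks(log):
    """Return one record per icap_access rule evaluated, in log order."""
    records, by_ptr, last = [], {}, None
    for line in log.splitlines():
        m = PRECHECK.search(line)
        if m:
            last = {"class": m.group(2), "action": m.group(3), "acls": m.group(4),
                    "answer": None, "auth_challenge": False}
            by_ptr[m.group(1)] = last
            records.append(last)
        elif (m := CALLBACK.search(line)) and m.group(1) in by_ptr:
            by_ptr[m.group(1)]["answer"] = int(m.group(2))
        elif AUTH_MARK in line and last is not None:
            # Assumption: this line carries no checklist pointer, so it is
            # attributed to the most recently started check.
            last["auth_challenge"] = True
    return records

def selected_class(log):
    """Class named in the last do_callback line, or None if absent."""
    hits = SELECTED.findall(log)
    return hits[-1] if hits else None

def chosen_on_auth_challenge(log):
    """Record of the selected class if its rule ended in an auth challenge.
    answer=2 is the value the post's log shows right after the challenge."""
    chosen = selected_class(log)
    for rec in parse_checks(log):
        if rec["class"] == chosen and (rec["auth_challenge"] or rec["answer"] == 2):
            return rec
    return None
```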