Search squid archive

Re: squid-3.0.STABLE7 ICAP [FinanzIT: Viruscheck]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Juergen.Paulo@xxxxxxxxxxxx wrote:

hi ,

we have here a little problem with the squid above.

we have:

snip

acl NETZ_i001                   src
"/opt/squid-3.0.STABLE7/etc/acl/netz_001"
# # User ACLs
#
# # default Profile
 acl USER_sehr_hoch              proxy_auth
"/opt/squid-3.0.STABLE7/etc/acl/user_sehr_hoch"
 acl USER_hoch                   proxy_auth
"/opt/squid-3.0.STABLE7/etc/acl/user_hoch"
 acl USER_mittel                 proxy_auth
"/opt/squid-3.0.STABLE7/etc/acl/user_mittel"
 acl USER_niedrig                proxy_auth
"/opt/squid-3.0.STABLE7/etc/acl/user_niedrig"
 acl USER_sehr_niedrig           proxy_auth
"/opt/squid-3.0.STABLE7/etc/acl/user_sehr_niedrig"


icap_service res_default        respmod_precache 0
icap://localhost:1344/wwrespmod?profile=default

# Default Request-Profile

icap_service req_default         reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=default

icap_service req_hoch           reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=hoch
icap_service req_mittel         reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=mittel
icap_service req_niedrig        reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=niedrig
icap_service req_sehr_hoch      reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=sehr_hoch
icap_service req_sehr_niedrig    reqmod_precache 0
icap://localhost:1344/wwreqmod?profile=sehr_niedrig


# ICAP Klassen fuer das default profile
icap_class icap_default         res_default

############################

icap_class icap_req_default    req_default


icap_class icap_001netz               req_default
icap_class icap_sehr_hoch         req_sehr_hoch
icap_class icap_hoch                    req_hoch
icap_class icap_mittel                   req_mittel
icap_class icap_niedrig               req_niedrig
icap_class icap_sehr_niedrig    req_sehr_niedrig



# webwasher default Profile
icap_access icap_001netz             deny !NETZ_i001

icap_access icap_sehr_hoch       deny !USER_sehr_hoch
icap_access icap_hoch                 deny !USER_hoch
icap_access icap_mittel                deny !USER_mittel
icap_access icap_niedrig             deny !USER_niedrig
icap_access icap_sehr_niedrig   deny !USER_sehr_niedrig

icap_access icap_default        allow all

end. squid config.

if there is an ip accessing squid, which is not listed in NETZ_001 without
user-authentication, the client have
to go to the last line for icap response mode access. this works in
2.5.STABLE12.
now it matches in the second icap_access line for reqmod_profile
icap_sehr_hoch too:

<snip>

why ?


It should be working the same.
Looks like a bug to me. The second line tries to send of an auth-required message. But the ICAP accept mechanism assumes it's an 'okay' result. 

Can you please check bugzilla and if its not already there report a bug.

Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux