> Further to the Page Cannot be Displayed errors I am getting > > From the cache.log > 2008/07/23 10:47:50| The request POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched > 'PowerProxy' > 2008/07/23 10:47:50| The reply for POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched 'all' > 2008/07/23 10:47:50| The request GET > http://webmail.controlpanel.com.au/vopmail.css is DENIED, because it > matched 'PowerProxy' > 2008/07/23 10:47:50| The request GET > http://webmail.controlpanel.com.au/vopmail.css is DENIED, because it > matched 'PowerProxy' > 2008/07/23 10:47:50| The request GET > http://webmail.controlpanel.com.au/vopmail.css is ALLOWED, because it > matched 'PowerProxy' > 2008/07/23 10:47:56| The request POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched > 'PowerProxy' > 2008/07/23 10:47:56| The reply for POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched 'all' > 2008/07/23 10:48:08| The request GET > http://webmail.controlpanel.com.au/?AutoLogon=no is ALLOWED, because it > matched 'PowerProxy' > 2008/07/23 10:48:09| The reply for GET > http://webmail.controlpanel.com.au/?AutoLogon=no is ALLOWED, because it > matched 'all' > 2008/07/23 10:48:10| The request POST > http://webmail.controlpanel.com.au/ is DENIED, because it matched > 'PowerProxy' > 2008/07/23 10:48:10| The request POST > http://webmail.controlpanel.com.au/ is DENIED, because it matched > 'PowerProxy' > 2008/07/23 10:48:10| The request POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched > 'PowerProxy' > 2008/07/23 10:48:11| The reply for POST > http://webmail.controlpanel.com.au/ is ALLOWED, because it matched 'all' > > > Why am I seeing DENIED, should I be concerned? Looks like two clients accessing a system with slightly broken authentication failover. - User 1, has (NTLM?) login working and gets through. - User 2, has no (NTLM?) login and gets redirected to a backup login (form?). Then things go all funky on User2. Going only by the URL; the 'AutoLogin=no' POST request (login form submission?) is denied because the (NTLM?) fails. BUT, that failure maybe is why the POST exists in the first place. **** Please verify manually yourself, if my theory above is correct about the two login methods before trying to fix. **** If my analysis is right. You need to whitelist POST requests to the backup login form handler. Maybe get the system POST'ing to a different URL (ie. */login?AutoLogin=no) which can be specially whitelisted by itself. Amos > > Here is part of the squid.conf > > acl Proxy external nt_group ProxyUsers > acl PowerProxy external nt_group ProxyPowerUsers > acl White url_regex "/etc/squid/white.list" > acl Denied url_regex -i "/etc/squid/denied.list" > acl Refuse url_regex -i "/etc/squid/refuse.list" > acl ATO dstdomain eci.ato.gov.au pki.ato.gov.au > no_cache deny QUERY > always_direct allow FTP > always_direct allow localhost > always_direct allow ATO > > # ACL List of Allow or Deny and the order they flow > http_access allow White > http_access deny Denied > http_access allow PowerProxy > http_access deny Refuse > http_access allow Proxy > http_access allow ATO > http_access allow manager > http_access deny all > > Any suggestions would be most welcome > > Cheers, > Scott > > -----Original Message----- > From: Thompson, Scott (WA) [mailto:Scott.Thompson@xxxxxxxxxxxxxx] > Sent: Wednesday, 23 July 2008 9:07 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: RE: Squid Maxing Out - Help required > > Thx Henrik > Nothing I can see that is obvious > tail messages > Jul 23 08:15:26 pelpx01 squid[29720]: Squid Parent: child process 12961 > started > Jul 23 08:34:01 pelpx01 squid[29720]: Squid Parent: child process 12961 > exited due to signal 6 > Jul 23 08:34:04 pelpx01 squid[29720]: Squid Parent: child process 17905 > started > Jul 23 08:34:34 pelpx01 squid[29720]: Squid Parent: child process 17905 > exited due to signal 6 > Jul 23 08:34:37 pelpx01 squid[29720]: Squid Parent: child process 18211 > started > Jul 23 08:34:54 pelpx01 squid[29720]: Squid Parent: child process 18211 > exited due to signal 6 > Jul 23 08:34:57 pelpx01 squid[29720]: Squid Parent: child process 18433 > started > Jul 23 08:38:06 pelpx01 squid[29720]: Squid Parent: child process 18433 > exited due to signal 6 > Jul 23 08:38:09 pelpx01 squid[29720]: Squid Parent: child process 19855 > started > Jul 23 08:39:55 pelpx01 sshd(pam_unix)[20645]: session opened for user > root by root(uid=0) > > Cache log just seems to have the usual requests etc > Plenty of Gets and Allowed. It happened whilst I was checking the cache > log so I had a site to reference and there was nothing unusual! > > Any other suggestions would be appreciated > > Scott > > -----Original Message----- > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, 23 July 2008 4:03 AM > To: Thompson, Scott (WA) > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid Maxing Out - Help required > > On tis, 2008-07-22 at 15:44 +0800, Thompson, Scott (WA) wrote: >> Hi all >> We are seeing some weird behaviour with our Squid server >> Thru out the day Internet Explorer will come back with Internet > Explorer >> cannot display the page >> No errors from Squid as such, it appears that IE simply cannot contact >> the squid server, that's what it looks like to me! > > Anything in cache.log? > > Anything in /var/log/messages? > > Regards > Henrik >
