Dawie Pretorius wrote:
Hello
Getting this error "1267609425.628 270 172.16.8.105 TCP_MISS/000 0 GET ftp://XX.XX.XX.XX/ - DIRECT/XX.XX.XX.XX - and a black page on my web browser on when accessing this ftp site.
When using no proxy FTP site ask for authentication?
Squid older than 3.1 were somewhat restricted in their use of auth with
FTP. They would not pass back the headers to trigger HTTP auth properly
and required the user/pass to be in the URL.
Your config shows signs of being in an older Squid, so the fix will be
either using 3.1 or adding the credentials to the FTP URLs.
Here is my squid.conf:
http_port 0.0.0.0:51313
cache_peer ZATBIMPROXY02 sibling 3128 0 default login=PASS
persistent_connection_after_error on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
Drop that QUERY stuff to improve your dynamic objects caching. A large
portion seem to be cacheable now.
cache_mem 50 MB
maximum_object_size 20 MB
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
Not useful for much beyond debugging:
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
Missing right here:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
half_closed_clients off
acl manager proto cache_object
acl localnet src XX.XX.XX.XX/12
acl localhost src 127.0.0.1/255.255.255.255
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
<snip>
http_access deny CONNECT !SSL_ports
acl cape_town src XX.XX.XX.XX/255.255.254.0
acl cape_town src XX.XX.XX.XX/23
http_access allow cape_town
acl our_networks src XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.255.0
acl our_networks src XX.XX.XX.XX/23 XX.XX.XX.XX/23 XX.XX.XX.XX/24
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_mgr hbops@xxxxxxxxxxxxxxxxxx
visible_hostname ZATBIMPROXY01
deny_info ERR_ACCESS_DENIED blacklist
deny_info ERR_ACCESS_DENIED denyfiletypes
ACCESS_DENIED is the default page sent on "http_access deny". There is
no need to specify it explicitly like that.
This FTP does ask for authentication and you cannot login anonymously. Is this something that I have in my squid.conf or does not have in my squid.conf?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.17