Search squid archive

Re: Java not working behind squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 17 Mar 2010 23:21:44 +0100, Thomas Klein
<mailinglist-postfixbuch@xxxxxxxxx> wrote:
> Truth Seeker schrieb:
>>> -
>>>     
>>>>> http_access deny !AuthorizedUsers
>>>>>         
>>>> ... performs authentication. Which was your problem
>>>>       
>>> with
>>>     
>>>> Java...
>>>>
>>>> order is important!
>>>>
>>>>       
>>> So does it mean, i need to put them as the following;
>>>
>>> ### For JAVA
>>> acl Java browser Java/1.4 Java/1.5 Java/1.6
>>> acl testnet src 192.168.7.0/24
>>> acl testnet src 192.168.8.0/24
>>> http_access allow testnet Java
>>>  
>>> http_access deny !AuthorizedUsers
>>>
>>>     
>>
>>
>> Yes when i modified as the above, its working fine....
>>
>> Now another doubt. will this solve the issues related to all the java
>> sites?
>>
>>   
> Hi there,
> 
> i have actually also the problem that java-applications are in no way 
> able to get a working connect to the internet, but this workaround with 
> the example of http://www.dailyfx.com/ doesn't work for me in any
case....
> My test-user matches the acl "gruppe_vollzugriff" - i'm using 
> 2.7.STABLE3-4.1 on Debian Lenny with squidguard 1.4. I also use NTLM 
> auth against a AD.
> 
> If I do it in this way:
> 
> acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
> acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
> acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
> acl gruppe_test external wbinfo_group Proxygruppe-test
> acl Java browser Java/1.4 Java/1.5 Java/1.6
> acl localnet src 172.1.0.0/19
> ...
> http_access allow localnet Java
> http_access allow gruppe_azubis erlaubte_seiten_azubis
> http_access allow gruppe_standarduser
> http_access allow gruppe_test
> http_access allow gruppe_vollzugriff
> http_access deny all
> 
> I get in access.log the following:
> 1268863619.997     13 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - 
> DIRECT/- -
> 1268863620.008      3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - 
> DIRECT/- -
> 1268863620.022      3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - 
> DIRECT/- -
> 1268863620.034      3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - 
> DIRECT/- -
> 
> 
> If i modify the order of the http_access line in this way:
> 
> acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
> acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
> acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
> acl gruppe_test external wbinfo_group Proxygruppe-test
> acl Java browser Java/1.4 Java/1.5 Java/1.6
> acl localnet src 172.1.0.0/19
> ...
> http_access allow gruppe_azubis erlaubte_seiten_azubis
> http_access allow gruppe_standarduser
> http_access allow gruppe_test
> http_access allow gruppe_vollzugriff
> http_access allow localnet Java
> http_access deny all
> 
> I get the following output in the log:
> 1268864049.866      8 172.1.0.128 TCP_DENIED/407 1867 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.900      6 172.1.0.128 TCP_DENIED/407 1841 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.914      4 172.1.0.128 TCP_DENIED/407 1867 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.927      6 172.1.0.128 TCP_DENIED/407 1841 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.940      4 172.1.0.128 TCP_DENIED/407 1867 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.965     15 172.1.0.128 TCP_DENIED/407 1841 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.979      4 172.1.0.128 TCP_DENIED/407 1867 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 1268864049.989      6 172.1.0.128 TCP_DENIED/407 1841 CONNECT 
> balancer.netdania.com:443 - NONE/- text/html
> 
> 
> As I described, java isn't able to get a working connect to the 
> internet. What's wrong in my case? I would be glad if you have a hint 
> for me....

There is some form of deny line happening outside the set you showed.
Which blocks the first configuration form working. The Java auth problem
blocks the second.

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux