On Wed, 17 Mar 2010 23:21:44 +0100, Thomas Klein <mailinglist-postfixbuch@xxxxxxxxx> wrote: > Truth Seeker schrieb: >>> - >>> >>>>> http_access deny !AuthorizedUsers >>>>> >>>> ... performs authentication. Which was your problem >>>> >>> with >>> >>>> Java... >>>> >>>> order is important! >>>> >>>> >>> So does it mean, i need to put them as the following; >>> >>> ### For JAVA >>> acl Java browser Java/1.4 Java/1.5 Java/1.6 >>> acl testnet src 192.168.7.0/24 >>> acl testnet src 192.168.8.0/24 >>> http_access allow testnet Java >>> >>> http_access deny !AuthorizedUsers >>> >>> >> >> >> Yes when i modified as the above, its working fine.... >> >> Now another doubt. will this solve the issues related to all the java >> sites? >> >> > Hi there, > > i have actually also the problem that java-applications are in no way > able to get a working connect to the internet, but this workaround with > the example of http://www.dailyfx.com/ doesn't work for me in any case.... > My test-user matches the acl "gruppe_vollzugriff" - i'm using > 2.7.STABLE3-4.1 on Debian Lenny with squidguard 1.4. I also use NTLM > auth against a AD. > > If I do it in this way: > > acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser > acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff > acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis > acl gruppe_test external wbinfo_group Proxygruppe-test > acl Java browser Java/1.4 Java/1.5 Java/1.6 > acl localnet src 172.1.0.0/19 > ... > http_access allow localnet Java > http_access allow gruppe_azubis erlaubte_seiten_azubis > http_access allow gruppe_standarduser > http_access allow gruppe_test > http_access allow gruppe_vollzugriff > http_access deny all > > I get in access.log the following: > 1268863619.997 13 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - > DIRECT/- - > 1268863620.008 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - > DIRECT/- - > 1268863620.022 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - > DIRECT/- - > 1268863620.034 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 - > DIRECT/- - > > > If i modify the order of the http_access line in this way: > > acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser > acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff > acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis > acl gruppe_test external wbinfo_group Proxygruppe-test > acl Java browser Java/1.4 Java/1.5 Java/1.6 > acl localnet src 172.1.0.0/19 > ... > http_access allow gruppe_azubis erlaubte_seiten_azubis > http_access allow gruppe_standarduser > http_access allow gruppe_test > http_access allow gruppe_vollzugriff > http_access allow localnet Java > http_access deny all > > I get the following output in the log: > 1268864049.866 8 172.1.0.128 TCP_DENIED/407 1867 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.900 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.914 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.927 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.940 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.965 15 172.1.0.128 TCP_DENIED/407 1841 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.979 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT > balancer.netdania.com:443 - NONE/- text/html > 1268864049.989 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT > balancer.netdania.com:443 - NONE/- text/html > > > As I described, java isn't able to get a working connect to the > internet. What's wrong in my case? I would be glad if you have a hint > for me.... There is some form of deny line happening outside the set you showed. Which blocks the first configuration form working. The Java auth problem blocks the second. Amos
