I've got one of my squid/dansguardian boxes configured for transparent proxy using an UAP to "authorize" the connection. What happens is the AUP shows, the user clicks on the accept link (which is just a URL forward to where they were originally going) then it drops them right back into the AUP. A session was never being created for the user (or so I thought). In the logs I can see the 302 denied show which causes the redirection: 01/Apr/2010,14:38:53, 0,192.168.80.245,TCP_DENIED/302,421,GET,http://www.yahoo.com/,-,NONE/-,text/html This should be easy to troubleshoot, however in working on this issue I discovered that if I click on the "Accept AUP policy" link 3 or 4 times then it eventually gives me the green light and sets up a session for me. Then browsing from there on out is ok. I thought I had the problem resolved a few times but discovered that it wasn't after a few other people tried it out. This is my squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl to_localbox dst 192.168.80.5/32 acl mywebserver dst 34.8.132.1/32 # this is my local web server follow_x_forwarded_for allow localhost acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on external_acl_type session ttl=300 children=20 negative_ttl=10 concurrency=200 %SRC /usr/lib/squid/squid_session -t 1800 acl session external session acl localnet src 192.168.80.0/23 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # TAG: http_access http_access allow mywebserver http_access allow to_localbox deny_info http://192.168.80.5/index.php?url=%s session http_access allow session http_access deny !session http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports
