On 15/06/2012 11:59 p.m., Chaitanya Shastri wrote:
Hi All,
We have a small setup of squid/3.0.STABLE19 along with squidGuard
as a url re-writer. We have some problem navigating to internal pages
of Linkedin site.
Initially, I tried to debug using setting "strip_query_terms off"
and debug options to 28,5. Then I watched the cache.log file. We have
a setup such that users are allowed only a certain mime types.
So I have an acl set for that which defines the allowed mime types:
For Ex: acl mimeallowp rep_mime_type -i ^application/pdf$ ...
Then following that I allow the clients in the localnet to access only
those mime types:
Ex. http_reply_access allow mimeallowp
And finally I deny all:
http_reply_access deny all
What I got from the log file, browsing internal pages of Linkedin was
that squid parses all mimeallowp's and then does not find a match and
simply executes http_reply_access deny all and displays Access Denied
Page.
When I change the line http_reply_access allow mimeallowp with
http_reply_access localnet where localnet is an acl defining internal
subnet, all works fine. But I do not want to allow access to client
machines to access all the mime type.
I also checked the HTTP Headers using the LiveHeaders plugin. There I
got that the page I was accessing has a "HTTP/1.0 302 Moved
Temporarily" header. But when I go through squid server, I get a
"HTTP/1.0 403 Forbidden" header from squid server itself.
Does that mean that squid server is not being able to handle
redirections properly?
Uhm, what Content-Type does a non-existent body have?
What do I do in this situation?
You can permit 302 status, the followup request for an object will go
through your ACL controls anyway.
Amos
