Thanks for a quick reply. We only have a few content types allowed for the intranet clients. The page which I am trying to access has the content type application/xml which I have already put in the allowed content types. How do I permit 302 status through squid? Thanks On 6/15/12, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 15/06/2012 11:59 p.m., Chaitanya Shastri wrote: >> Hi All, >> We have a small setup of squid/3.0.STABLE19 along with squidGuard >> as a url re-writer. We have some problem navigating to internal pages >> of Linkedin site. >> Initially, I tried to debug using setting "strip_query_terms off" >> and debug options to 28,5. Then I watched the cache.log file. We have >> a setup such that users are allowed only a certain mime types. >> So I have an acl set for that which defines the allowed mime types: >> >> For Ex: acl mimeallowp rep_mime_type -i ^application/pdf$ ... >> >> Then following that I allow the clients in the localnet to access only >> those mime types: >> >> Ex. http_reply_access allow mimeallowp >> >> And finally I deny all: >> >> http_reply_access deny all >> >> What I got from the log file, browsing internal pages of Linkedin was >> that squid parses all mimeallowp's and then does not find a match and >> simply executes http_reply_access deny all and displays Access Denied >> Page. >> >> When I change the line http_reply_access allow mimeallowp with >> http_reply_access localnet where localnet is an acl defining internal >> subnet, all works fine. But I do not want to allow access to client >> machines to access all the mime type. >> >> I also checked the HTTP Headers using the LiveHeaders plugin. There I >> got that the page I was accessing has a "HTTP/1.0 302 Moved >> Temporarily" header. But when I go through squid server, I get a >> "HTTP/1.0 403 Forbidden" header from squid server itself. >> >> Does that mean that squid server is not being able to handle >> redirections properly? > > Uhm, what Content-Type does a non-existent body have? > > >> What do I do in this situation? > > You can permit 302 status, the followup request for an object will go > through your ACL controls anyway. > > Amos >
