On 21/05/2014 1:52 a.m., Trenta sis wrote: > Hello, > > I have Debian Squeeze with squid3: > ii sarg 2.3.1-1~bpo60+1 > squid analysis report generator > ii squid-langpack 20100628-1 > Localized error pages for Squid > ii squid3 3.1.6-1.2+squeeze2 > A full featured Web Proxy cache (HTTP proxy) > ii squid3-common 3.1.6-1.2+squeeze2 > A full featured Web Proxy cache (HTTP proxy) - common files > > > And we have some problems with some url, for example there are users > that has disconnections when they are editing prezi presentations, in > logs error is: > > 1400591927.068 164 192.168.10.17 TCP_MISS/200 36175 GET > http://cdn-a.prezi.com/bin/modules/imagesearch-bbc2d65a304a2344a4239bda263525a92e1eb21c.swf > 32847 DIRECT/23.51.75.49 application/x-shockwave-flash > 1400591927.173 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT > s3.amazonaws.com:443 - NONE/- text/html > 1400591927.179 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT > s3.amazonaws.com:443 - NONE/- text/html > 1400591927.315 0 192.168.10.17 TCP_DENIED/407 4721 GET > http://www.google-analytics.com/__utm.gif? - NONE/- text/html > 1400591927.320 0 192.168.10.17 TCP_DENIED/407 5032 GET > http://www.google-analytics.com/__utm.gif? - NONE/- text/html > 1400591927.361 39 192.168.10.17 TCP_MISS/200 525 GET > http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9 > image/gif > 1400591927.888 23 192.168.10.17 TCP_MISS/200 525 GET > http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9 > image/gif > 1400591927.891 718 192.168.10.17 TCP_MISS/200 3469 POST > http://prezi.com/api/token/imagerecommendation/ 32847 > DIRECT/54.235.184.72 application/json > 1400591927.901 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT > search.prezi.com:443 - NONE/- text/html > 1400591927.904 1 192.168.10.17 TCP_DENIED/407 4048 CONNECT > search.prezi.com:443 - NONE/- text/html > 1400591928.904 1723 192.168.10.17 TCP_MISS/200 34768 CONNECT > s3.amazonaws.com:443 32847 DIRECT/176.32.102.82 - > 1400591929.193 21000 192.168.10.17 TCP_MISS/503 5544 POST > http://meeting04.prezi.com/ 32847 DIRECT/184.72.217.112 text/html > 1400591929.933 0 192.168.10.17 TCP_DENIED/407 4281 GET > http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg > - NONE/- text/html > 1400591929.934 0 192.168.10.17 TCP_DENIED/407 5528 GET > http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html > 1400591929.936 1 192.168.10.17 TCP_DENIED/407 4592 GET > http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg > - NONE/- text/html > 1400591929.937 1 192.168.10.17 TCP_DENIED/407 5839 GET > http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html > 1400591930.351 414 192.168.10.17 TCP_MISS/200 828 GET > http://0103.static.prezi.com/crossdomain.xml 32847 > DIRECT/75.101.163.113 text/xml > 1400591930.552 142 192.168.10.17 TCP_MISS/302 569 GET > http://0103.static.prezi.com/thumbnail/330/converted/1/1/a/af15ad4698fd68e3ab40dbfb63f791477916c.jpe > 32847 DIRECT/75.101.163.113 text/html > 1400591930.561 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT > s3.amazonaws.com:443 - NONE/- text/html > 1400591930.563 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT > s3.amazonaws.com:443 - NONE/- text/html > > We are using samba-ldap domain and user are using an acl to allow only > auths users. > > Our proxy is only to generate statitics using sarg, we need that squid > doesn't make any tcp denied or any restriction, we need to allo all > traffic from our internal ip and auth users. How can I do this and > solve this problems with prezi? I dont see any errors in that log. Your Squid is requiring authentication. This requires the client software (prezi) to be capable of authenticating HTTP requests. >From the pattern of two 407 followed by a 200 it appears that you are using NTLM authentication. That type of authentication has a 407 challenge to announce the available auth type(s), a second 407 challenge to deliver security keys from the server, then a third request to receive final authentication from the client. We have had a number of bugs in CONNECT handling over the years. I suggest you install a later squid3 package the one from Debian Wheezy (current stable Debian) repository should work on Squeeze. Amos
