On 25/11/2015 11:52 p.m., Eliezer Croitoru wrote: > On 25/11/2015 12:14, Magic Link wrote: >> 1448445753.714 6 10.22.100.3 TCP_MISS/200 799 >> GEThttp://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/Office/Data/v32.cab >> - HIER_DIRECT/127.0.0.1 text/html >> But i do have the denied access page, I can't download the .cab from > the browser >> 1448445766.529 5 10.22.100.3 TCP_MISS/200 834 >> GEThttp://au.v4.download.windowsupdate.com/d/msdownload/update/software/updt/2013/12/windows8.1-kb2909569-x64_da69540676fbda6cd24305056220322b8ef91729.cab >> - HIER_DIRECT/127.0.0.1 text/html >> But i do have the denied access page, I can't download the .cab from > the browser >> 1448445807.418 50 10.22.100.3 TCP_MISS/200 7450 >> GEThttp://v4.download.windowsupdate.com/d/msdownload/update/others/2015/11/19457798_2c503230affa03a9d1065dbf33a681b0fd9a0176.cab >> - HIER_DIRECT/37.58.147.9 application/octet-stream >> No denied access page, I can download the .cab from the browser > > Hey, > > From squid point of view there are two cases. > 1 - that is being fetched from 127.0.0.1 and the other is from some > origin server. > Have you tried to see what happens when you test\run SquidGuard from > command line and manually test the request? > Can you share you squid.conf(stripped blank and comments lines) > Wait up. Magic has been fooled by the marketing words into thinking a "deny page" from SquidGuard actually denies something. It does not. All SG does. All it ever can do. Is tell Squid where to fetch the URL from (rewrite), or to tell Squid to tell the client to try somewhere else (redirect). What Magic is thinking of as a "deny" is actually just a statement "here, fetch the data from 127.0.0.1". Then the SG (aka. 127.0.0.1) when asked responds by dumping out its HTML "error page" text as the reply. This unexpected response completely breaks whatever the client needed to fetch. If the client is a browser then it happily displays the HTML response (as seen in the test described), otherwise it just *breaks* whatever application was running. I expect the real clients are seeing lots of very annoying WindowsUpdate 8002something errors, getting pissed off, and then working to bypass the "that damn proxy" which is breaking their Windows machines. What this means for Squid (and sarg) is that the lines above get logged. The server SG told Squid to contact *did* respond and the response *was* an "HTTP/1.1 200 OK" reply message. Magic; I suggest you drop SG and use squid.conf ACLs instead. Everything SG can do so can Squid itself. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
