On 9/05/2016 5:19 p.m., Mark Carey wrote: > Hi, > > Running squid 3.1.19-1ubuntu3.12.04.2. > Please ugrade. Both your Squid and Ubuntu are very much past their end-of-life dates. > acl sefup dst massing-uploads.s3.amazonaws.com > acl sefairauser src 192.168.10.54/32 > http_access allow sefairauser sefup > http_access allow CONNECT sefairauser sefup > > When run "normally" and my application (or browser) tries to access > the site I get, TCP_DENIED > > 1462769200.720 6 192.168.10.54 TCP_DENIED/403 3737 CONNECT > massing-uploads.s3.amazonaws.com:443 - NONE/- text/html > > If I enable debugging > > debug_options 28,1 > > The application seems to start working > > 1462769557.248 10409 192.168.10.54 TCP_MISS/200 4026 CONNECT > massing-uploads.s3.amazonaws.com:443 - DIRECT/54.231.14.9 - > > Now the server owner could be having problems at their end and dishing > out different responses from different hosts in their pool of hosts in > their Amazon AWS cloud. > > Is there any reason why squid would use different code paths with > debug_options set? Not with 28,1. I expect it is your use of dst ACL type. Domain and host names used in IP based ACLs are resolved on startup or reconfigure. Use dstdomain for name-based access control. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
