On 7/12/2016 12:01 a.m., Ricardo Pardim Claus wrote: > Dear Amos, > Thanks for the initial contact. > > Now I'm getting an error message. > I placed the domain in the allowed domain list. I still get the access denied message. > Can you tell me why I'm getting this status code "TCP_MISS / 403", which actually refers to "Forbidden"? > Because the client was forbidden to access those URLs at that time, in that way, with the information in the request sent. > In "Squid Version 3.5.19", I have Squidguard running as well. In the logs I do not see anything that references the site in question. > In Version 2.6.STABLE22, I have the Dansguardian running. So you have a modern proxy with an obsolete traffic filtering plugin, being compared with an obsolete Squid version chained end-to-end with an unspecified version of another proxy software product. What is the point? > > The following are performed only in Squid Version 3.5.19: > > 1481019362.202 5 172.16.16.158 TCP_MISS/403 2836 GET http://www3.centauroseg.com.br/centauroonline/ - HIER_DIRECT/172.16.16.7 text/html > 1481019362.221 4 172.16.16.158 TCP_MISS/403 2828 GET http://www3.centauroseg.com.br/favicon.ico - HIER_DIRECT/172.16.16.7 text/html The "MISS" part and the HEIR_DIRECT means almost certainly the response was generated by the server. Though you could have configured that not to be true. Lacking any info about your software config (both Squid and everything else plugged into it [squidguard]) that is the best anyone can say right now. The tool at redbot.org tells me there are 200 and 404 responses coming out of the server now for those URLs. > > Squid Cache: Version 2.6.STABLE22 > > > 1481020252.226 0 172.16.16.158 TCP_OFFLINE_HIT/200 1017 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/login?UsrNome=05011810438502&UsrSenha=Vm1wQmVGRXdNVlZWV0djOQ== - NONE/- application/json > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.226 0 172.16.16.158 TCP_OFFLINE_HIT/200 1017 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/login?UsrNome=05011810438502&UsrSenha=Vm1wQmVGRXdNVlZWV0djOQ== - NONE/- application/json > 1481020252.253 16 172.16.16.158 TCP_OFFLINE_HIT/200 768 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/permissoes?wUsrCodigo=113 - NONE/- application/json > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.253 16 172.16.16.158 TCP_OFFLINE_HIT/200 768 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/permissoes?wUsrCodigo=113 - NONE/- application/json > 1481020252.274 20 172.16.16.158 TCP_OFFLINE_HIT/200 612 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/nomeUsuarioLogado?TabelaMaster=CADCOMISSIONADOS&CodigoUsuario=45 - NONE/- application/json > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.274 20 172.16.16.158 TCP_OFFLINE_HIT/200 612 GET http://www3.centauroseg.com.br/centauroonline/servico/recurso/relacao/nomeUsuarioLogado?TabelaMaster=CADCOMISSIONADOS&CodigoUsuario=45 - NONE/- application/json > 1481020252.350 19 172.16.16.158 TCP_IMS_HIT/304 351 GET http://www3.centauroseg.com.br/centauroonline/images/linhaAcesso.png - NONE/- image/png > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.350 19 172.16.16.158 TCP_IMS_HIT/304 351 GET http://www3.centauroseg.com.br/centauroonline/images/linhaAcesso.png - NONE/- image/png > 1481020252.357 6 172.16.16.158 TCP_IMS_HIT/304 352 GET http://www3.centauroseg.com.br/centauroonline/images/acessoCorretor.jpg - NONE/- image/jpeg > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.357 6 172.16.16.158 TCP_IMS_HIT/304 352 GET http://www3.centauroseg.com.br/centauroonline/images/acessoCorretor.jpg - NONE/- image/jpeg > 1481020252.377 19 172.16.16.158 TCP_IMS_HIT/304 363 GET http://www3.centauroseg.com.br/centauroonline/fonts/Gotham/GothamBlack.woff - NONE/- application/font-woff > Dec 6 08:30:52 srv05 squid[17957]: 1481020252.377 19 172.16.16.158 TCP_IMS_HIT/304 363 GET http://www3.centauroseg.com.br/centauroonline/fonts/Gotham/GothamBlack.woff - NONE/- application/font-woff > Which if those lines is accessing the favicon.ico file ... Consider: " Grass in springtime is green if you go outside and look at it, but the sky when looked at through a window is blue. Do you believe there must be some problem with the window not making the sky the same color as grass? just because the window exists? " The log lines you are posting are all about different things, with no overlap. Like sky compared to grass - they are simply different things going on. The proxy access.log is simply a statement of what happened. It does not tell anyone the *why*. And nobody can do better than guesswork given only log entries. > > See the logs when the failure occurs (when accessing the resource within the site, I'm redirected to the login page). 4xx do not necessarily mean failure. They mean that the server needs the client to send something different to get the resource at the URL being requested. The value of the 4xx code and other details in the reply indicate what needs to change (or may not). What you are calling a "redirect" seems to be in fact the payload of the 419 message. What you see in the logs appears to be how the website is designed to operate. *Especially* since there are custom codes involved The site server is intentionally sending them. Both the 4xx code and the action that happens because of that response are being forced by the server. Squid-2.x is HTTP/1.0 software. It follows the RFC 1945 protocol. 2.6 follows some features of RFC 2616, but mostly not. Squid-3.x is HTTP/1.1 software. It follows most of RFC 2616 and a few bits of the new RFC 723x specifications. Some things of the proxy behaviour is the same. But when the client and server are both HTTP/1.1 as well the behaviour of 3.x can be very different to Squid-2.x. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
