RE: [squid-users] errors in cache.log; no connection data....... ..

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 18 Nov 2002 15:52:21 +0100

Well.. From the Squid-2.5.STABLE1 release notes:

3. Known limitations

   There is a few limitations to this version of Squid that we
   hope to correct in a later release

   authentication
          The proxy authentication acl types only works in
          http_access and partially in delay_access, not the
          other acl driven directives (tcp_outoing_address,
          redirect_access, cache_peer_access, ...)

And yes, this applies to http_reply_access also. http_reply_access is
not http_access.

There is a patch in the known bugs section which addresses part of this,
and we do hope to have this working in STABLE2.. (but watch the release
notes carefully)

Regards
Henrik

mån 2002-11-18 klockan 12.55 skrev Chris Tatro:
> Henrik, I am using a proxy_auth based ACL on http_reply_access. It seemed to
> work fine when I tested it. I have one group that isn't allowed to download
> files like mp3 and mpeg files and another group that is allowed to download
> files off the internet. Or is http_reply_access not designed to work with a
> proxy_auth based ACL?
>
> Thanks,
> Chris
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl http_ports port 80 443 563 10000
> acl all_ports port 1-65535
>
> acl CONNECT method CONNECT
> acl restricted_users_websites dstdomain
> "/etc/squid/restricted_users_websites.txt"
> acl restricted_users_ip-addresses dst
> "/etc/squid/restricted_users_ip-addresses.txt"
> acl my_network src 172.16.0.0-172.25.0.0/255.255.0.0
>
> acl unrestricted_users_no_download proxy_auth
> "/etc/squid/unrestricted_users_no_download.txt"
> acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
> acl unrestricted_users_download proxy_auth
> "/etc/squid/unrestricted_users_download.txt"
>
> acl downloads rep_mime_type "/etc/squid/mime_type_blocked_download.txt"
> acl blocked_urls url_regex "/etc/squid/blocked_urls.txt"
> acl available_download_websites dstdomain
> "/etc/squid/available_download_websites.txt"
>
>
>
> [root@SQUID root]# grep _access /etc/squid/squid.conf
> http_access allow manager localhost
> http_access deny blocked_urls
> http_access allow restricted_users restricted_users_websites http_ports
> my_network
> http_access allow restricted_users restricted_users_ip-addresses http_ports
> my_network
> http_access allow unrestricted_users_no_download all http_ports my_network
> http_access allow unrestricted_users_download all all_ports my_network
> http_access allow proxy_server http_ports my_network
> miss_access allow all
> http_access allow localhost
> http_access deny all
>
> http_reply_access allow available_download_websites
> http_reply_access deny restricted_users downloads
> http_reply_access deny unrestricted_users_no_download downloads
> http_reply_access allow unrestricted_users_download downloads
> http_reply_access allow all
>
> icp_access allow all
>
> [root@SQUID root]#
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Saturday, November 16, 2002 3:39 PM
> To: Chris Tatro
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] errors in cache.log; no connection data.........
>
> Seems you are trying to use a proxy_auth based ACL somewhere else than
> in http_access. Maybe this is in a delay_pool_access or similar
> directive.
>
> "grep _access squid.conf", and make sure proxy_auth based ACLs is only
> used in http_access.
>
> Regards
> Henrik
>
>
> Chris Tatro wrote:
> >
> > I am running squid 2.5stable1 on redhat Linux with ntml authentication
> > against a Windows NT domain controller. My question is why I am getting
> > thousands of line in my cache.log saying the following. I have about
> twenty
> > users set up on the proxy right now but plan to add many more once I get
> the
> > bugs worked out. None of the users have complained about getting to
> websites
> > so I am assuming everything is working fine for them.
> >
> > 2002/11/15 14:26:03| authenticateAuthenticate: no connection data, cannot
> > process authentication
> >
> > Thanks, Chris
Received on Thu Nov 21 2002 - 10:59:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:30 MST