I have a piece of software called POS-systems for credit card authorization.
It had been working fine until last week. The problem tends to coincide with
when I added another rule to the squid.conf file. I have commented the rule
out, but I am still having the same problem.
When I try to authorize a transaction I get a 40002 error message; according
to the POS-systems website, this is a TCP/IP connection issue. After
working with them and finding the software set up properly, I looked at my
access.log file to see what was going on. Here is what I see:
-------------------------
1140552332.683 2 172.16.12.219 TCP_DENIED/407 1729 CONNECT ssl.pgs.wcom.net:443 - NONE/- text/html
----------------------------
Normally I would expect to see at least 4 lines in a row with this
information because I am using NTLM and basic authentication. When I open a
browser, I can navigate to https://ssl.pgs.wcom.net. The ports that
are required to be open and bi-directional are 443, 563, and 2112. Here is
what I have in my squid.conf:
----snip-----
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 1433
acl SSL_ports port 2112
acl SSL_ports port 3389
-----snip------
-----snip-------
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 1203
acl Safe_ports port 1205
acl Safe_ports port 1433
acl Safe_ports port 2112
acl Safe_ports port 3389
--------snip-------
I have added .wcom.net in the list below, and have added it to my
openaccesswhitelist.txt, openaccesswhitelistipaddr.txt, whiteipaddr.txt, and
whitelist.txt:
acl DoNotCacheWebSites dstdomain "/etc/squid/rules/donotcachewebsites.txt"
acl Freemarkets dstdomain .freemarkets.com
acl MyTextron dstdomain .mytextron.com
acl WComNet dstdomain .wcom.net
acl Corrlink dstdomain .weyerhaeuser.com
acl SchwabPlan dstdomain .schwabplan.com
acl LindWaldock dstdomain .lind-waldock.com
acl BrownListWebsites dstdomain "/etc/squid/rules/brownlist.txt"
acl BlackListWebsites dstdomain "/etc/squid/rules/blacklist.txt"
acl BlackListIpAddresses dst "/etc/squid/rules/blacklistipaddr.txt"
acl BlackListIpAddress1 dst 64.73.35.120
acl OpenAccessWhiteListWebsites dstdomain "/etc/squid/rules/openaccesswhitelist.txt"
acl OpenAccessWhiteListIpAddresses dst "/etc/squid/rules/openaccesswhitelistipaddr.txt"
acl WhiteListWebsites dstdomain "/etc/squid/rules/whitelist.txt"
acl WhiteListIPAddresses dst "/etc/squid/rules/whiteipaddr.txt"
acl AuthLimitedUsers proxy_auth REQUIRED
acl AuthPowerUsers proxy_auth "/etc/squid/rules/powerusers.txt"
acl AuthIPAddresses src "/etc/squid/rules/poweripaddresses.txt"
acl AuthSafeAccessUsers proxy_auth "/etc/squid/rules/users.txt"
acl OverRideBrownListUsers proxy_auth "/etc/squid/rules/ovrdbrownlist.txt"
acl AdultBlackListWebsites dstdomain "/etc/squid/rules/adultblacklist.txt"
http_access allow manager our_networks
http_access allow WhiteListWebsites AuthLimitedUsers
http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access allow all OpenAccessWhiteListWebsites
http_access allow all OpenAccessWhiteListIpAddresses
http_access deny all AdultBlackListWebsites
http_access allow all Freemarkets
http_access allow all MyTextron
http_access allow all Corrlink
http_access allow all SchwabPlan
http_access allow all WcomNet
http_access allow all LindWaldock
http_access allow all AuthPowerUsers
http_access allow all AuthIPAddresses
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow BrownListWebsites OverRideBrownListUsers
http_access deny all BrownListWebsites
http_access deny all BlackListWebsites
http_access deny all BlackListIpAddresses
http_access deny all BlackListIpAddress1
http_access allow all AuthSafeAccessUsers
http_access deny all
Received on Tue Feb 21 2006 - 13:26:42 MST
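
How the posted rule order can produce the TCP_DENIED/407 shown above, as an added example that is not part of the original post and not Squid's code: a simplified first-match model of four of the posted http_access lines. It assumes whitelist.txt and openaccesswhitelist.txt contain .wcom.net, as the post states; the dst, port and remaining lines are not modelled, and all function names are hypothetical.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Lines are checked top-down, ACLs on a line are ANDed left to right, and the first
# fully matching line decides. A proxy_auth ACL reached without credentials yields 407.
class NeedAuth(Exception):
    """A proxy_auth ACL was evaluated and the request carries no user."""

def dstdomain(*patterns):  # '.wcom.net' matches wcom.net and any host below it
    def match(req):
        host = req["host"].lower()
        return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
                   for p in patterns)
    return match

def proxy_auth_required(req):
    if req["user"] is None:
        raise NeedAuth
    return True

def everyone(req):  # the built-in "all" ACL
    return True

def build_rules(whitelist_txt, openaccess_txt):
    """Four of the posted http_access lines, in the posted order."""
    return [
        ("allow", [dstdomain(*whitelist_txt), proxy_auth_required]),  # WhiteListWebsites AuthLimitedUsers
        ("allow", [everyone, dstdomain(*openaccess_txt)]),  # all OpenAccessWhiteListWebsites
        ("allow", [everyone, dstdomain(".wcom.net")]),  # all WcomNet
        ("deny", [everyone]),  # deny all
    ]

def evaluate(rules, req):
    """Return (verdict, 1-based rule number); verdict is allow, deny or 407."""
    for number, (action, acls) in enumerate(rules, 1):
        try:
            if all(acl(req) for acl in acls):  # stops at the first ACL that fails
                return action, number
        except NeedAuth:
            return "407", number
    raise ValueError("rule list must end with a catch-all line")

# Constructed from the posted log line: CONNECT to port 443, user field "-".
POS_REQUEST = {"host": "ssl.pgs.wcom.net", "port": 443, "user": None}

def as_posted():  # .wcom.net is in whitelist.txt and openaccesswhitelist.txt
    return evaluate(build_rules([".wcom.net"], [".wcom.net"]), POS_REQUEST)
def absent_from_whitelist():  # hypothetical: entry only in openaccesswhitelist.txt
    return evaluate(build_rules([], [".wcom.net"]), POS_REQUEST)

if __name__ == "__main__":
    print(as_posted(), absent_from_whitelist())
```

In the model, the unauthenticated CONNECT is challenged at the first line as soon as the destination matches WhiteListWebsites, so the later unauthenticated allow lines are never reached.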