Hi,
I am trying to set up the session helper with the source IP as the lookup key, using squid-2.6.STABLE16-4.fc7. The relevant sections of my conf are:
# TAG: external_acl_type
external_acl_type session ttl=10 negative_ttl=0 children=1 concurrency=200 %SRC /usr/lib/squid/squid_session -t 60
# TAG: acl
# These are default ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Custom ACLs go here...
acl session external session
# TAG: http_access
# These are default rules
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Custom rules go here...
http_access deny !session
http_access allow localhost
http_access deny all
But the browser is giving Access Denied every time (saying that an ACL is configured to deny access). The cache.log says:
2009/03/13 13:52:51| aclCheck: checking 'http_access deny !session'
2009/03/13 13:52:51| aclMatchAclList: checking !session
2009/03/13 13:52:51| aclMatchAcl: checking 'acl session external session'
2009/03/13 13:52:51| aclMatchExternal: acl="session"
2009/03/13 13:52:51| aclMatchExternal: session("127.0.0.1") = lookup needed
2009/03/13 13:52:51| aclMatchAclList: no match, returning 0
2009/03/13 13:52:51| externalAclLookup: lookup in 'session' for '127.0.0.1'
2009/03/13 13:52:51| externalAclHandleReply: reply="ERR message="Welcome""
2009/03/13 13:52:51| external_acl_cache_add: Adding '127.0.0.1' = 0
2009/03/13 13:52:51| external_acl_cache_add: updating existing entry
2009/03/13 13:52:51| aclCheck: checking 'http_access deny !session'
2009/03/13 13:52:51| aclMatchAclList: checking !session
2009/03/13 13:52:51| aclMatchAcl: checking 'acl session external session'
2009/03/13 13:52:51| aclMatchExternal: acl="session"
2009/03/13 13:52:51| aclMatchExternal: session = 0
2009/03/13 13:52:51| aclMatchAclList: returning 1
2009/03/13 13:52:51| aclCheck: match found, returning 0
2009/03/13 13:52:51| aclCheckCallback: answer=0
2009/03/13 13:52:51| authenticateFixHeader: headertype:0 authuser:(nil)
But if I add the authenticated username to the session key (and use an authenticator program), things work fine. What am I doing wrong? None of the ACLs (including the external ACL for session) reference the authenticated username, but is it still required?
Thanks & Regards,
Kaustav
Received on Fri Mar 13 2009 - 08:46:14 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 13 2009 - 12:00:03 MDT