I got it resolved. Thanks Eliezer, you helped me to fix this error initially
I tried what you sent but it didn't work, that is what I thought, but then I
figured it was the PHP script which was wrong and so I reverted the changes
and tried it, now it work fine. thanks you
Thanks & Regards
Vijay
-----Original Message-----
From: Eliezer Croitoru [mailto:eliezer_at_ngtech.co.il]
Sent: Tuesday, March 20, 2012 2:51 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] whitelisted IP problem
On 20/03/2012 07:53, Vijay wrote:
> 2012/03/20 10:14:23.889| aclCheckFast: list: 0x175c860
> 2012/03/20 10:14:23.889| ACLChecklist::preCheck: 0xbfccd8b4 checking
> 'ident_lookup_access deny all'
> 2012/03/20 10:14:23.889| ACLList::matches: checking all
> 2012/03/20 10:14:23.889| ACL::checklistMatches: checking 'all'
> 2012/03/20 10:14:23.889| aclIpAddrNetworkCompare: compare:
> 122.166.1.184:48347/[::] ([::]:48347) vs [::]-[::]/[::]
> 2012/03/20 10:14:23.890| aclIpMatchIp: '122.166.1.184:48347' found
> 2012/03/20 10:14:23.890| ACL::ChecklistMatches: result for 'all' is 1
> 2012/03/20 10:14:23.890| ACLList::matches: result is true
> 2012/03/20 10:14:23.890| aclmatchAclList: 0xbfccd8b4 returning true
> (AND list satisfied)
> 2012/03/20 10:14:23.890| ACLChecklist::markFinished: 0xbfccd8b4
> checklist processing finished
> 2012/03/20 10:14:23.890| FilledChecklist.cc(168) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0xbfccd8b4
> 2012/03/20 10:14:23.890| ACLChecklist::~ACLChecklist: destroyed
> 0xbfccd8b4
i'm trying again to understand and if your htt_access wasnt changed thi line
here is the beginning of the aclchek for the client.
starts with manager = 127.0.0.1
> 2012/03/20 10:14:23.890| ACLChecklist::preCheck: 0x19f0128 checking
> 'http_access allow manager localhost server'
> 2012/03/20 10:14:23.890| ACLList::matches: checking manager
> 2012/03/20 10:14:23.890| ACL::checklistMatches: checking 'manager'
> 2012/03/20 10:14:23.890| ACL::ChecklistMatches: result for 'manager'
> is 0
> 2012/03/20 10:14:23.890| ACLList::matches: result is false
conclusion not from 127.0.0.1 means other ip and moving to the next
htt_access rule to check if there is allow to accomplish there.
> 2012/03/20 10:14:23.890| aclmatchAclList: 0x19f0128 returning false
> (AND list entry failed to match)
> 2012/03/20 10:14:23.890| aclmatchAclList: async=0 nodeMatched=0
> async_in_progress=0 lastACLResult() = 0 finished() = 0
starting the dont allow manager rule
> 2012/03/20 10:14:23.890| ACLChecklist::preCheck: 0x19f0128 checking
> 'http_access deny manager'
> 2012/03/20 10:14:23.890| ACLList::matches: checking manager
> 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'manager'
> 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for 'manager'
> is 0
> 2012/03/20 10:14:23.891| ACLList::matches: result is false
it's not mangaer so moving on to the next rule.
> 2012/03/20 10:14:23.891| aclmatchAclList: 0x19f0128 returning false
> (AND list entry failed to match)
> 2012/03/20 10:14:23.891| aclmatchAclList: async=0 nodeMatched=0
> async_in_progress=0 lastACLResult() = 0 finished() = 0
moving to the next wich means dont allow to any of ports other then the list
of safe "443,80 etc.."
> 2012/03/20 10:14:23.891| ACLChecklist::preCheck: 0x19f0128 checking
> 'http_access deny !Safe_ports'
> 2012/03/20 10:14:23.891| ACLList::matches: checking !Safe_ports
> 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'Safe_ports'
> 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for
> 'Safe_ports' is 1
> 2012/03/20 10:14:23.891| ACLList::matches: result is false
it's not matching not dafe ports cause it's port 80
> 2012/03/20 10:14:23.891| aclmatchAclList: 0x19f0128 returning false
> (AND list entry failed to match)
> 2012/03/20 10:14:23.891| aclmatchAclList: async=0 nodeMatched=0
> async_in_progress=0 lastACLResult() = 0 finished() = 0
the next rule will be trying the CONNECT method on not SSL ports (443).
> 2012/03/20 10:14:23.891| ACLChecklist::preCheck: 0x19f0128 checking
> 'http_access deny CONNECT !SSL_ports'
> 2012/03/20 10:14:23.891| ACLList::matches: checking CONNECT
> 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'CONNECT'
> 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for 'CONNECT'
> is 1
> 2012/03/20 10:14:23.891| ACLList::matches: result is true
and you <<< do try to use ssl>>> (why?)
squid client wont use connect... ssl.. means i suppose you are using wrong
code to get the site content.
> 2012/03/20 10:14:23.891| ACLList::matches: checking !SSL_ports
> 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'SSL_ports'
> 2012/03/20 10:14:23.892| ACL::ChecklistMatches: result for 'SSL_ports'
> is 0
> 2012/03/20 10:14:23.892| ACLList::matches: result is true
conclusion ..you are trying to use CONNECT to not SSL port so...
> 2012/03/20 10:14:23.892| aclmatchAclList: 0x19f0128 returning true
> (AND list
> satisfied)
squid finding you answering the http_access acl and will deny the connection
means you didn't add the acl's and http_access rule i sent you.
look at what i sent you and try again after.
Regards,
Eliezer
> 2012/03/20 10:14:23.892| ACLChecklist::markFinished: 0x19f0128
> checklist processing finished
> 2012/03/20 10:14:23.892| ACLChecklist::check: 0x19f0128 match found,
> calling back with 0
> 2012/03/20 10:14:23.892| ACLFilledChecklist::checkCallback: 0x19f0128
> answer=0
> 2012/03/20 10:14:23.892| ACLChecklist::checkCallback: 0x19f0128
> answer=0
> 2012/03/20 10:14:23.892| aclIsProxyAuth: called for SSL_ports
> 2012/03/20 10:14:23.892| ACL::FindByName 'SSL_ports'
> 2012/03/20 10:14:23.892| aclIsProxyAuth: returning 0
> 2012/03/20 10:14:23.892| Gadgets.cc(57) aclGetDenyInfoPage: got called
> for SSL_ports
> 2012/03/20 10:14:23.892| aclGetDenyInfoPage: no match
> 2012/03/20 10:14:23.892| FilledChecklist.cc(168) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x19f0128
> 2012/03/20 10:14:23.892| ACLChecklist::~ACLChecklist: destroyed
> 0x19f0128
> 2012/03/20 10:14:23.893| FilledChecklist.cc(168) ~ACLFilledChecklist:
> ACLFilledChecklist destroyed 0x19f0128
> 2012/03/20 10:14:23.893| ACLChecklist::~ACLChecklist: destroyed
> 0x19f0128
> 2012/03/20 10:14:23.893| ConnStateData::swanSong: FD 11
>
>
>
> Thanks& Regards
> Vijay
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations elilezer <at> ngtech.co.ilReceived on Tue Mar 20 2012 - 09:32:15 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 20 2012 - 12:00:04 MDT