Re: [squid-users] url for certification providers

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 15 Nov 2012 11:10:05 +1300

On 15.11.2012 04:49, Jeroen Ruijter wrote:
> How can I allow the lines beneath, so the patterns .ico .crl will
> work without certification errors.
>
>
> 1352906047.969      0 172.16.4.254 TCP_DENIED/407 3937 GET
> http://mscrl.microsoft.com/pki/mscorp/crl/mswww(6).crl - NONE/-
> text/html
> 1352906047.981      0 172.16.4.254 TCP_DENIED/407 3975 GET
> http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl -
> NONE/- text/html
> 1352906047.992      0 172.16.4.254 TCP_DENIED/407 3998 GET
> http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
> - NONE/- text/html
> 1352906048.006 0 172.16.4.254 TCP_DENIED/407 3947 GET
> http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl - NONE/-
> text/html

What makes you think there is anything wrong with these?

407 is a request that the client agent preform login before they can
continue to use the proxy. Did you trim away the followup request where
the client sent login details or is there none? the latter being a
client user-agent problem, not Squid.

This should help you understand what you have to change:
  
http://wiki.squid-cache.org/Features/Authentication#How_do_I_use_authentication_in_access_controls.3F

When you have read that you will understand why we cannot help you
change your config file without seeing what the config contains or even
whether the change will do anything.

Amos
Received on Wed Nov 14 2012 - 22:10:09 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 15 2012 - 12:00:03 MST