Alex Tsalolikhin wrote:
>
> Hi,
>
> Problem: We need to limit access to our Squid installation
> to ~90,000 specified ip addresses.
>
> We've set up an external_acl_type and external acl checker
> to check the ip address against the flat file listing the
> permitted ip addresses, and this mostly works, but not always:
> squid access log occasionally shows TCP_DENIED/403 for IP
> addresses that _are_ in the allow file and that should have
> been let through.
>
> After adding logging to the external acl checker, I see that
> the external acl checker was never queried about the ip addreses
> that got denied.
Odd.. it should have got queried at least once...
Is your problem persistent, or does it help if the user just retries the
request?
There is a known bug in 2.5.STABLE2 where external acl lookups
occationally can give a false negative if there is a second request just
as the acl lookup of another request with the same acl information is
being verified, but I do not know of any bugs where the external helper
is not queried at all.
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE2-concurrent_external_acl
Regards
Henrik
-- Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org> Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Tue Apr 15 2003 - 01:01:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:58 MST