Hi There
On the firewall, are there rules in place to allow port 3130 UDP to and from
the outside proxy to the internal one ?
Take out the never_direct allow all
Set half_closed_connections to off
make sure the parent proxy line reads
cache_peer squid-cache-2.sun.ac.za parent 3128 3130
Let us know
Regards
Gert Brits
-----Original Message-----
From: Johann Spies [mailto:jspies@sun.ac.za]
Sent: Tuesday, July 06, 2004 12:45 PM
To: squid-users@squid-cache.org
Subject: [squid-users] VBScript runtime error
We have three proxy servers on the campus - two outside the firewall
and one inside the firewall. The last one is the library's proxy. It
is configured to use the outside proxies as parents and also have the
acl:
never_direct allow all
The library is paying for internet traffic to certain cites.
One of those sites is http://www.woordeboek.co.za which works
perfectly when one uses the outside proxies but not through the inside
proxy. When we try to use the lib-proxy to access it some browsers
(like Mozilla and at least one IE) reports:
---------------
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "30, 146.232.75.208"]'
/includes/ipauthentication.asp, line 3
----------------
Others just get the message "This site could not be displayed" or
something similar.
An effort to make a connection to www.woordeboek.co.za using lib-proxy
caused these entries in the access.logs of
lib-proxy (146.232.75.208):
1089094746.154 0 146.232.128.30 TCP_MISS/500 629 GET
http://www.woordeboek.co.za/ - ANY_PARENT/squid-cache-2.sun.ac.za
text/html
And in squid-cache-2 (196.168.1.2):
1089094746.193 0 192.168.1.1 UDP_MISS/000 49 ICP_QUERY
http://www.woordeboek.co.za/ - NONE/- -
1089094747.193 1000 146.232.75.208 TCP_MISS/500 584 GET
http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html
1089094747.193 0 192.168.1.1 UDP_MISS/000 49 ICP_QUERY
http://www.woordeboek.co.za/ - NONE/- -
1089094747.193 0 146.232.75.208 TCP_MISS/500 584 GET
http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html
In squid-cache-1 (192.168.1.1):
1089094747.185 64 146.232.75.208 TCP_MISS/500 640 GET
http://www.woordeboek.co.za/ - TIMEOUT_DIRECT/196.2.63.90 text/html
1089094747.189 0 192.168.1.2 UDP_MISS/000 49 ICP_QUERY
http://www.woordeboek.co.za/ - NONE/- -
1089094747.331 65 146.232.75.208 TCP_MISS/500 640 GET
http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html
1089094747.336 0 192.168.1.2 UDP_MISS/000 49 ICP_QUERY
http://www.woordeboek.co.za/ - NONE/- -
I have read about a similar problem during a google search but there
the solution was to use
allways_direct deny all
never_direct allow all
which did not provide a solution to me.
The acl for the site in squid.conf looks like this:
acl openhosts dstdomain .woordeboek.co.za
Any ideas?
Regards
Johann
-- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you." Matthew 7:7Received on Tue Jul 06 2004 - 05:12:09 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:01 MDT