so ive tried to simplify this to see if i can work out whats going on
squid 2.6.17 on gentoo linux
/etc/squid/ip_user.conf
127.0.0.1 ALL
/etc/squid/squid.conf
hepworth andrew # grep ^[a-z] /etc/squid/squid.conf
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive off
external_acl_type ip_user_helper %SRC %LOGIN
/usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
acl all src 0.0.0.0/0.0.0.0
acl hepworth external ip_user_helper
http_access allow hepworth
http_access deny all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
debug_options ALL,1 33,2 28,9
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname AnnesHouse
forwarded_for off
coredump_dir /var/cache/squid
hepworth andrew #
and i use a browser to get http://www.bbc.co.uk which -> cache access denied
and this in cache.log
2008/03/19 21:37:16| aclCheckFast: list: 0x82a76f0
2008/03/19 21:37:16| aclMatchAclList: checking all
2008/03/19 21:37:16| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/19 21:37:16| aclMatchIp: '127.0.0.1' found
2008/03/19 21:37:16| aclMatchAclList: returning 1
2008/03/19 21:37:16| aclCheck: checking 'http_access allow hepworth'
2008/03/19 21:37:16| aclMatchAclList: checking hepworth
2008/03/19 21:37:16| aclMatchAcl: checking 'acl hepworth external
ip_user_helper'
2008/03/19 21:37:16| aclMatchAcl: returning 0 sending authentication
challenge.
2008/03/19 21:37:16| aclMatchAclList: no match, returning 0
2008/03/19 21:37:16| aclCheck: requiring Proxy Auth header.
2008/03/19 21:37:16| aclCheck: match found, returning 2
2008/03/19 21:37:16| aclCheckCallback: answer=2
2008/03/19 21:37:16| The request GET http://www.bbc.co.uk/ is DENIED,
because it matched 'hepworth'
2008/03/19 21:37:16| The reply for GET http://www.bbc.co.uk/ is ALLOWED,
because it matched 'hepworth'
it would appear to be authenticating the user ( ie ALL from 127.0.0.1)
so where is it denying the request ?
Received on Wed Mar 19 2008 - 15:42:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT