Re: [squid-users] Java not working behind squid

From: Thomas Klein <mailinglist-postfixbuch_at_online.de>
Date: Wed, 17 Mar 2010 23:21:44 +0100

Truth Seeker schrieb:
>> -
>>
>>>> http_access deny !AuthorizedUsers
>>>>
>>> ... performs authentication. Which was your problem
>>>
>> with
>>
>>> Java...
>>>
>>> order is important!
>>>
>>>
>> So does it mean, i need to put them as the following;
>>
>> ### For JAVA
>> acl Java browser Java/1.4 Java/1.5 Java/1.6
>> acl testnet src 192.168.7.0/24
>> acl testnet src 192.168.8.0/24
>> http_access allow testnet Java
>>
>> http_access deny !AuthorizedUsers
>>
>>
>
>
> Yes when i modified as the above, its working fine....
>
> Now another doubt. will this solve the issues related to all the java sites?
>
>
Hi there,

i have actually also the problem that java-applications are in no way
able to get a working connect to the internet, but this workaround with
the example of http://www.dailyfx.com/ doesn't work for me in any case....
My test-user matches the acl "gruppe_vollzugriff" - i'm using
2.7.STABLE3-4.1 on Debian Lenny with squidguard 1.4. I also use NTLM
auth against a AD.

If I do it in this way:

acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
acl gruppe_test external wbinfo_group Proxygruppe-test
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl localnet src 172.1.0.0/19
...
http_access allow localnet Java
http_access allow gruppe_azubis erlaubte_seiten_azubis
http_access allow gruppe_standarduser
http_access allow gruppe_test
http_access allow gruppe_vollzugriff
http_access deny all

I get in access.log the following:
1268863619.997 13 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.008 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.022 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.034 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -

If i modify the order of the http_access line in this way:

acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
acl gruppe_test external wbinfo_group Proxygruppe-test
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl localnet src 172.1.0.0/19
...
http_access allow gruppe_azubis erlaubte_seiten_azubis
http_access allow gruppe_standarduser
http_access allow gruppe_test
http_access allow gruppe_vollzugriff
http_access allow localnet Java
http_access deny all

I get the following output in the log:
1268864049.866 8 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.900 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.914 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.927 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.940 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.965 15 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.979 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.989 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html

As I described, java isn't able to get a working connect to the
internet. What's wrong in my case? I would be glad if you have a hint
for me....

thanks & best regards
Thomas
Received on Wed Mar 17 2010 - 22:22:47 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 18 2010 - 12:00:04 MDT