RE: AW: [squid-users] Need help

From: Boosten, Peter <[email protected]>
Date: Tue, 23 Apr 2002 13:50:13 +0200

# More info: There are warning messages in cache.log, but 1
# user is able to
# log on to squid at 2 different IPs. This should be rejected
# by the entries
# "authenticate_ip_ttl = 90 seconds" and
# "authenticate_ip_ttl_is_strict on" in
# squid.conf
#

I suspect the problem (we've had simmilar cases) is in the fact that Squid
doesn't reset the timer, once set.
In your case, the ttl is set to 90 seconds. The timer will be reset after
the 90 seconds expire (that is what happens in our log anyway).

We set the ttl to 60 seconds (we raised that btw), but had different
IP-addresses connecting through the proxy successfully, within that 60
seconds.

Modified log for one user, two IP-addresses:
Mon Apr 22 08:49:03 2002 172.21.64.221 TCP_REFRESH_MISS/200
Mon Apr 22 08:49:04 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:07 2002 172.21.64.221 TCP_MISS/200 <-
last hit for IP A
Mon Apr 22 08:49:08 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:16 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:16 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:29 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:31 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:31 2002 172.21.64.156 TCP_DENIED/403
Mon Apr 22 08:49:45 2002 172.21.64.156 TCP_MISS/200 <-
first hit for IP B
Mon Apr 22 08:49:46 2002 172.21.64.156 TCP_MISS/200

Only 38 seconds between the two authentications (for same user, different
IP-addresses).

We use 2.4Stable2 btw.

Peter

Disclaimer
1. This e-mail is for the intended recipient only. If you have received it
by mistake please let us know by reply and then delete it from your system;
access, disclosure, copying, distribution or reliance on any of it by anyone
else is prohibited.

2. If you as intended recipient have received this e-mail incorrectly,
please notify the sender (via e-mail) immediately. This e-mail is
confidential and may be legally privileged. DSM does not guarantee that the
information sent and/or received by or with this e-mail is correct and does
not accept any liability for damages related thereto.
Received on Tue Apr 23 2002 - 05:50:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:39 MST