Well.. From the Squid-2.5.STABLE1 release notes:
  3. Known limitations

  There are a few limitations to this version of Squid that we
  hope to correct in a later release

  authentication
      The proxy authentication acl types only work in
      http_access and partially in delay_access, not the
      other acl driven directives (tcp_outgoing_address,
      redirect_access, cache_peer_access, ...)

And yes, this applies to http_reply_access also. http_reply_access is
not http_access.
There is a patch in the known bugs section which addresses part of this,
and we do hope to have this working in STABLE2.. (but watch the release
notes carefully)
Regards
Henrik
On Mon 2002-11-18 at 12.55, Chris Tatro wrote:
> Henrik, I am using a proxy_auth based ACL on http_reply_access. It seemed to
> work fine when I tested it. I have one group that isn't allowed to download
> files like mp3 and mpeg files and another group that is allowed to download
> files off the internet. Or is http_reply_access not designed to work with a
> proxy_auth based ACL?
>
> Thanks,
> Chris
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl http_ports port 80 443 563 10000
> acl all_ports port 1-65535
>
> acl CONNECT method CONNECT
> acl restricted_users_websites dstdomain "/etc/squid/restricted_users_websites.txt"
> acl restricted_users_ip-addresses dst "/etc/squid/restricted_users_ip-addresses.txt"
> acl my_network src 172.16.0.0-172.25.0.0/255.255.0.0
>
> acl unrestricted_users_no_download proxy_auth "/etc/squid/unrestricted_users_no_download.txt"
> acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
> acl unrestricted_users_download proxy_auth "/etc/squid/unrestricted_users_download.txt"
>
> acl downloads rep_mime_type "/etc/squid/mime_type_blocked_download.txt"
> acl blocked_urls url_regex "/etc/squid/blocked_urls.txt"
> acl available_download_websites dstdomain "/etc/squid/available_download_websites.txt"
>
>
>
> [root@SQUID root]# grep _access /etc/squid/squid.conf
> http_access allow manager localhost
> http_access deny blocked_urls
> http_access allow restricted_users restricted_users_websites http_ports my_network
> http_access allow restricted_users restricted_users_ip-addresses http_ports my_network
> http_access allow unrestricted_users_no_download all http_ports my_network
> http_access allow unrestricted_users_download all all_ports my_network
> http_access allow proxy_server http_ports my_network
> miss_access allow all
> http_access allow localhost
> http_access deny all
>
> http_reply_access allow available_download_websites
> http_reply_access deny restricted_users downloads
> http_reply_access deny unrestricted_users_no_download downloads
> http_reply_access allow unrestricted_users_download downloads
> http_reply_access allow all
>
> icp_access allow all
>
> [root@SQUID root]#
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Saturday, November 16, 2002 3:39 PM
> To: Chris Tatro
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] errors in cache.log; no connection data.........
>
> Seems you are trying to use a proxy_auth based ACL somewhere else than
> in http_access. Maybe this is in a delay_pool_access or similar
> directive.
>
> "grep _access squid.conf", and make sure proxy_auth based ACLs are only
> used in http_access.
>
> Regards
> Henrik
>
>
> Chris Tatro wrote:
> >
> > I am running squid 2.5stable1 on redhat Linux with NTLM authentication
> > against a Windows NT domain controller. My question is why I am getting
> > thousands of lines in my cache.log saying the following. I have about
> > twenty users set up on the proxy right now but plan to add many more
> > once I get the bugs worked out. None of the users have complained about
> > getting to websites so I am assuming everything is working fine for them.
> >
> > 2002/11/15 14:26:03| authenticateAuthenticate: no connection data, cannot process authentication
> >
> > Thanks, Chris
Received on Thu Nov 21 2002 - 10:59:06 MST
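
Added example (not part of the original thread, and not Squid project code): a Python version of the "grep _access squid.conf" check, which reports every proxy_auth ACL referenced outside http_access. The status labels follow the 2.5.STABLE1 release-note wording quoted above; the function name, the sample configuration (constructed, reduced from the one in the thread) and the choice to scan only *_access directives plus tcp_outgoing_address are assumptions of this example.

```python
# ACL types that require proxy authentication.
AUTH_TYPES = {"proxy_auth", "proxy_auth_regex"}

# Constructed sample, reduced from the configuration quoted in the thread.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
acl unrestricted_users_download proxy_auth "/etc/squid/unrestricted_users_download.txt"
acl downloads rep_mime_type "/etc/squid/mime_type_blocked_download.txt"
http_access allow restricted_users
http_access deny all
http_reply_access deny restricted_users downloads
http_reply_access allow unrestricted_users_download downloads
http_reply_access allow all
miss_access allow all
"""

def audit_proxy_auth(conf_text):
    """Return (line_no, directive, acl_name, status) for each proxy_auth
    ACL used in an ACL-driven directive other than http_access."""
    rows = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):      # skip blanks and comments
            rows.append((no, line.split()))
    # Pass 1: names of all ACLs whose type needs proxy authentication.
    auth_acls = {t[1] for _, t in rows
                 if t[0] == "acl" and len(t) >= 3 and t[2] in AUTH_TYPES}
    # Pass 2: look for those names in directives where 2.5.STABLE1
    # does not (or only partially) support them.
    findings = []
    for no, t in rows:
        d = t[0]
        if d == "http_access":
            continue                               # the supported place
        if not (d.endswith("_access") or d == "tcp_outgoing_address"):
            continue                               # not scanned by this example
        status = "partial" if d == "delay_access" else "unsupported"
        for tok in t[1:]:
            name = tok.lstrip("!")                 # "!acl" negates an ACL
            if name in auth_acls:
                findings.append((no, d, name, status))
    return findings

if __name__ == "__main__":
    for no, d, name, status in audit_proxy_auth(SAMPLE_CONF):
        print(f"line {no}: {d} uses proxy_auth ACL '{name}' ({status})")
```
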