Re: [squid-users] Squid on the blink. Working and then not...

From: Gabriel Gunderson <[email protected]>
Date: Wed, 28 Dec 2005 13:09:57 -0700

On 12/28/05, Nolan Rumble <nmr@sun.ac.za> wrote:
> <snip>
>
> acl all src 0.0.0.0/0.0.0.0
> deny_info CUSTOM_ALL all
>
> # LOTS OF ACL NOT BEING USED HAVE BEEN CUT...
>
> acl local-net src 10.0.0.0/255.255.0.0
> deny_info CUSTOM_LOCAL_NET local-net
>
> http_access allow local-net
>
> <snip>
>
> Have you tried just testing the acl src by just having httpd_access
> allow src to see what happens?

No I have not. I think I'm going to go one step further by doing a
"http_access allow" with no acl (just for testing - the firewall will
keep outsiders out).

> What might also be a problem is if your acl local-net doesn't have the
> same subnet mask as the one that your clients are being assigned
> statically or via dhcp?

Same DHCP server we have been running for over a year. All systems
fit the "10.0.0.0/255.255.0.0" range.

> When you say squid doesn't respond, does it return any error messages to
> the client's browser?

I should have mentioned this, sorry. Users see a "Page could not be
displayed error 401" Or in other words an "401 Unauthorized". It
doesn't make any sense to me. The rules don't point to that and
access.log shows nothing for that hit.

> Does it happen when websites with dynamic content
> are accessed (http://yourwebsite.com/index.php?id=8), or with static
> websites (http://yourwebsite.com/link.htm)

All sites - static and dynamic.

> Nolan

Thanks for the input!

--
Gabriel Gunderson
http://gundy.org
Received on Wed Dec 28 2005 - 13:09:58 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:03 MST