RE: [squid-users] Cannot authorize payment

From: Casey King <[email protected]>
Date: Tue, 21 Feb 2006 15:56:45 -0600

The rule that I added was the http_access deny all AdultBlackListWebsites.

Here is an update. And yes, this is a temporary fix, as I can tell from
Chris Robertson's reply, and through working this issue, that I need to make
some changes in my conf file. I moved my "http_access allow all WcomNet"
rule to the top, and now the accounting department is able to authorize
payments. So I have a lot of work on my hands to reorganize and tighten up
this conf file. As for your questions Chris, all I can say right now, is
that I am still on a learning curve, and I thank you for all your
suggestions, and trust me...over the next couple of days, I will be wrapped
up in this.

http_access allow manager our_networks
#http_access allow all open_for_ip_address
http_access allow all WcomNet
http_access allow WhiteListWebsites AuthLimitedUsers
http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access allow all OpenAccessWhiteListWebsites
http_access allow all OpenAccessWhiteListIpAddresses
http_access deny all AdultBlackListWebsites
http_access allow all Freemarkets
http_access allow all MyTextron
http_access allow all Corrlink
http_access allow all SchwabPlan
#http_access allow all WcomNet
http_access allow all LindWaldock
http_access allow all AuthPowerUsers
http_access allow all AuthIPAddresses
#http_access allow all OpenAccessWhiteListWebsites
#http_access allow all OpenAccessWhiteListIpAddresses
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow BrownListWebsites OverRideBrownListUsers
http_access deny all BrownListWebsites
http_access deny all BlackListWebsites
http_access deny all BlackListIpAddresses
http_access deny all BlackListIpAddress1
http_access allow all AuthSafeAccessUsers
#http_access allow WhiteListWebsites AuthLimitedUsers
#http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access deny all

-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@gmail.com]
Sent: Tuesday, February 21, 2006 3:17 PM
To: Casey King
Cc: Squid Mailing List
Subject: Re: [squid-users] Cannot authorize payment

> I have a piece of software called POS-systems for credit card
> authorization. It has been working fine until last week. It tends to
> coincide when I added another rule to the squid.conf file.

  Which rule are you talking about ?

> I have commented the rule out, but
> still having the same problem.
>
> When I try to authorize a transaction I get a 40002 error message,
> looking it up on the POS-systems website, this is a tcp/ip connection
> issue. After working with them and finding the software setup
> properly, I looked at my access.log file to see what was going on.
> Here is what I see:
>
> -------------------------
> 1140552332.683 2 172.16.12.219 TCP_DENIED/407 1729 CONNECT
> ssl.pgs.wcom.net:443 - NONE/- text/html
> ----------------------------
>
> Normally I would expect to see at least 4 lines in a row with this
> information because I am using NTLM and basic authentication. When I
> open a browser, I can nagivate to this https://ssl.pgs.wcom.net. The
> ports that are required to be open and bi-directional are 443, 563,
> and 2112. Here is what I have in my squid.conf:
>
>...

 Perhaps the POS client does not support NTLM auth ?

 M.
Received on Tue Feb 21 2006 - 14:56:54 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST