Re: [squid-users] Quick question about an cache.log issue

From: Amos Jeffries <[email protected]>
Date: Tue, 6 Nov 2007 12:32:35 +1300 (NZDT)

> In my cache.log I am getting
>
>

Looks to me like:
>
> 2007/11/05 09:23:42| The request GET http://cp.slalom.com/ is DENIED,
> because it matched 'password'

someone forgot their password. or browsers first request for the item.

> 2007/11/05 09:23:42| The reply for GET http://cp.slalom.com/ is ALLOWED,
> because it matched 'password'

remembered password, or browser passed it on this time.

> 2007/11/05 09:23:42| The request GET http://cp.slalom.com/ is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for GET http://cp.slalom.com/ is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request GET http://cp.slalom.com/ is ALLOWED,
> because it matched 'ProxyUsers'
>
> 2007/11/05 09:23:42| The reply for GET http://cp.slalom.com/ is ALLOWED,
> because it matched 'all'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'ProxyUsers'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'ProxyUsers'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is DENIED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The reply for CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'password'
>
> 2007/11/05 09:23:42| The request CONNECT cp.slalom.com:443 is ALLOWED,
> because it matched 'ProxyUsers'
>
>
>
> In my conf I only see two lines that have password in them
>
>
>
> # Use domain authentication (-G for domain global group)
>
> external_acl_type win_domain_group ttl=120 %LOGIN
> e:/squid/libexec/mswin_check_lm_group.exe -G
>
>
>
> # Users must be in the ProxyUsers group in AD (individual users no
> groups)
>
> acl ProxyUsers external win_domain_group ProxyAccess
>
> acl NoProxyUsers external win_domain_group NoProxyAccess
>
>
>
> # Require password for user account
>
> acl password proxy_auth REQUIRED
>
>
>
> http_access allow password ProxyUsers
>
>
>
> Do I have conflicting lines in my conf that would cause this behavior or
> are these normal entries for cache.log?

Everything in cache.log is normal for cache.log. Whether they are normal
entries under your configuration is a more knotty question.

Without knowing the rest of the squid.conf we can't answer whether any of
the unknown lines are conflicting.

The one access line you have listed could only cause:
 - allowed because of 'ProxyUsers'
 - denied because of 'ProxyUsers'

give
http://squid.treenet.co.nz/cf.check/ a post me the Ref:.

Amos
Received on Mon Nov 05 2007 - 16:32:39 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:01 MST