this is your cache-log right? in access log you should also have denies/allowed lines, right?
first DENIED should be the authrequest (HTTP 407) from squid telling the browser to do a (digest) auth.
then the browser answers this with the auth credentials. and squid sends the page again. don't know how
digest works, but with ntlm auth you have two denied lines...
markus
>-----Urspr�ngliche Nachricht-----
>Von: Ralf Hildebrandt [mailto:Ralf.Hildebrandt@charite.de]
>Gesendet: Dienstag, 20. November 2007 13:42
>An: squid-users@squid-cache.org
>Betreff: [squid-users] Problem with AUTH
>
>I activated ACL debugging using:
>debug_options ALL,1 33,2
>
>Squid 2.6.16-1 logs:
>
>2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443
>is DENIED, because it matched 'digestauthentifizierung'
>2007/11/20 13:32:52| The reply for CONNECT
>lms.fu-berlin.de:443 is ALLOWED, because it matched
>'digestauthentifizierung'
>2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443
>is ALLOWED, because it matched 'digestauthentifizierung'
>
>2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443
>is DENIED, because it matched 'digestauthentifizierung'
>2007/11/20 13:33:07| The reply for CONNECT
>lms.fu-berlin.de:443 is ALLOWED, because it matched
>'digestauthentifizierung'
>2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443
>is ALLOWED, because it matched 'digestauthentifizierung'
>
>2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443
>is DENIED, because it matched 'digestauthentifizierung'
>2007/11/20 13:33:22| The reply for CONNECT
>lms.fu-berlin.de:443 is ALLOWED, because it matched
>'digestauthentifizierung'
>2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443
>is ALLOWED, because it matched 'digestauthentifizierung'
>
>2007/11/20 13:33:40| The request CONNECT lms.fu-berlin.de:443
>is DENIED, because it matched 'digestauthentifizierung'
>2007/11/20 13:33:40| The reply for CONNECT
>lms.fu-berlin.de:443 is ALLOWED, because it matched
>'digestauthentifizierung'
>2007/11/20 13:33:41| The request CONNECT lms.fu-berlin.de:443
>is ALLOWED, because it matched 'digestauthentifizierung'
>
>2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443
>is DENIED, because it matched 'digestauthentifizierung'
>2007/11/20 13:33:52| The reply for CONNECT
>lms.fu-berlin.de:443 is ALLOWED, because it matched
>'digestauthentifizierung'
>2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443
>is ALLOWED, because it matched 'digestauthentifizierung'
>
>According to my config, there are these lines referring to
>"digestauthentifizierung"
>
># grep -2 digestauthentifizierung squid.conf.WLAN
># Rest erlauben -- aber nur authorisiert!
>#
>acl digestauthentifizierung proxy_auth REQUIRED
>http_access allow digestauthentifizierung
>http_access allow CONNECT digestauthentifizierung
>
>#
>
>Why would the request be DENIED and ALLOWED at the same time?
>
>--
>_________________________________________________
>
> Charite - Universit�tsmedizin Berlin
>_________________________________________________
>
> Ralf Hildebrandt
> i.A. Gesch�ftsbereich Informationsmanagement
> Campus Benjamin Franklin
> Hindenburgdamm 30 | Berlin
> Tel. +49 30 450 570155 | Fax +49 30 450 570962
> Ralf.Hildebrandt@charite.de
> http://www.charite.de
>
>----- End forwarded message -----
>
>--
>Ralf Hildebrandt (i.A. des IT-Zentrums)
>Ralf.Hildebrandt@charite.de
>Charite - Universit�tsmedizin Berlin Tel. +49
>(0)30-450 570-155
>Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49
>(0)30-450 570-962
>IT-Zentrum Standort CBF send no mail to
>plonk@charite.de
>
Received on Tue Nov 20 2007 - 07:37:52 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST