On Tue, 10 May 2005 Stefan.Vogel@temic.com wrote:
> Hello,
>
> I tried and get this in access.log
> 172.25.9.90 - - [10/May/2005:11:55:34 +0200] "GET http://www.heise.de/
> HTTP/1.1" 407 1802 TCP_DENIED:NONE
> 172.25.9.90 - vogels [10/May/2005:11:55:41 +0200] "GET http://www.heise.de/
> HTTP/1.1" 403 1381 TCP_DENIED:NONE
>
> and this in cache.log
> 2005/05/10 11:55:34| The request GET http://www.heise.de/ is DENIED,
> because it matched 'inet_users'
> 2005/05/10 11:55:34| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
> 2005/05/10 11:55:41| The request GET http://www.heise.de/ is DENIED,
> because it matched 'all'
> 2005/05/10 11:55:41| The reply for GET http://www.heise.de/ is ALLOWED,
> because it matched 'all'
>
> in squid.conf I have
> ....
> http_access allow inet_users
> ...
> http_access deny all
> ...
>
> the acl inet_users is the ldap-group-helper, and of course I am in that
> group.
>
> I don't understand why there is ALLOWED because it matches ALL...
Don't worry, its the http_reply_access check (hinted by "The reply for
...." in the debug message)
More interesting is the "The request GET http://www.heise.de/ is DENIED,"
line.. how is the acl "all" defined in your config?
Regards
Henrik
Received on Tue May 10 2005 - 06:24:36 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT