I have a problem that isn't really affecting the users experience, however it is really clogging up the access.log with alot of TCP_DENIED entries.
I have turned up logging to debug_options ALL,2 so that I can see what's going on with the ACL's I have the following auth_param's acl's & rules: ------------------------------------------------------------------- auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 25 auth_param ntlm max_challenge_reuses 5 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/squid/libexec/wb_auth auth_param basic children 5 auth_param basic realm Proxy Server auth_param basic credentialsttl 2 hours acl blockedsites url_regex -i "/usr/local/squid/etc/acls/block.acl" acl unblockedsites url_regex -i "/usr/local/squid/etc/acls/unblock.acl" acl AuthorisedUsers proxy_auth REQUIRED acl Group_WebBrowsers external NT_global_group Web_Browsers http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny blockedsites !unblockedsites http_access allow AuthorisedUsers Sites_AllUsers http_access allow AuthorisedUsers Group_WebBrowsers http_access allow localhost http_access deny all http_reply_access allow all ------------------------------------------------------------------- and my logs are showing the following (note this is a combination of access.log & cache.log): ------------------------------------------------------------------- 1091084609.250 351 10.49.4.164 TCP_DENIED/407 2112 GET http://www.google.com.au/ - NONE/- text/html 1091084609.301 4 10.49.4.164 TCP_DENIED/407 2134 GET http://www.google.com.au/ - NONE/- text/html 2004/07/29 17:03:29| The request GET http://www.google.com.au/ is DENIED, because it matched 'AuthorisedUsers' 2004/07/29 17:03:29| The request GET http://www.google.com.au/ is DENIED, because it matched 'AuthorisedUsers' 2004/07/29 17:03:29| clientReadRequest: FD 67: no data to process ((11) Resource temporarily unavailable) 2004/07/29 17:03:29| aclMatchExternal: NT_global_group = 1 2004/07/29 17:03:29| The request GET http://www.google.com.au/ is ALLOWED, because it matched 'Group_WebBrowsers' 2004/07/29 17:03:29| The reply for GET http://www.google.com.au/ is ALLOWED, because it matched 'all' 2004/07/29 17:03:29| clientReadRequest: FD 67: no data to process ((11) Resource temporarily unavailable) 1091084609.684 382 10.49.4.164 TCP_MISS/200 3229 GET http://www.google.com.au/ mydomain\myusername DIRECT/216.239.57.147 text/html ------------------------------------------------------------------- Now this is weird because I have no ACL that denies AuthorisedUsers - so why is it saying that the GET is denied because it matches AuthorisedUsers and then allowing it because it matches Group_WebBrowsers? Regards, Rob Hadfield
