[SQU] TCP_DENIED/407 on all requests

I can't seem to find why I'm getting TCP_DENIED/407 messages in access.log.
Whenever I comment out the http_access allow all line in the following
squid.conf file I will get all TCP_DENIED on every request. The
squid_pam_auth program is working at I can authenticate properly from the
shell using it. I found one thread talking about this problem and that a
solution was not found (included), I'm wondering is there is anymore
information on this. I'm running squid-2.2.STABLE4-8

squid.conf
----------
store_avg_object_size 6 KB
authenticate_program /usr/sbin/squid_pam_auth
authenticate_children 2
authenticate_ttl 30
positive_dns_ttl 120 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.108.0.0/255.255.0.0
acl password proxy_auth REQUIRED
acl SSL_ports port 443 563
acl Safe_ports port 80 88 89 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access allow all
http_access allow localnet password

http_access deny all
icp_access deny all
miss_access allow all
proxy_auth_realm web proxy-cache
logfile_rotate 10

access.log
----------
980881595.764 937 192.108.0.221 TCP_DENIED/407 1411 GET
http://my.yahoo.com/ fcupersmith NONE/- -
980881603.103 1009 192.108.0.221 TCP_DENIED/407 1516 GET
http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- -
980881603.984 876 192.108.0.221 TCP_DENIED/407 1516 GET
http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- -
980881652.043 1280 192.108.0.221 TCP_DENIED/407 1411 GET
http://my.yahoo.com/ fcupersmith NONE/- -

Nate Cull wrote:
>
> Running a virgin Red Hat 7.0 server as a Squid proxy box
> (squid-2.3STABLE4-1 rpm) with an ACL inclusion list (ie,
> it will only allow connections to a specified list of sites)
> we're getting an odd intermittent problem. At random times
> during the day (this seems to happen every couple of weeks),
> squid will suddenly fall into a state where it rejects EVERY
> http request sent to it (not just ones sent to unauthorised
> sites). We can see this in the logs; suddenly every line becomes
> a TCP_DENIED inst

Seen it in Squid-2.2.STABLE5-hno from time to time, but have not been
able to isolate the cause. For me the some src type ACLs ceased to
function from time to time.

acl localhost src 127.0.0.1/32

I cannot remember seeing any changes in Squid which has smelled like
possibly fixing this issue, so I guess the problem is still there
somewhere.

--
Henrik Nordstrom
Squid hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html