[SQU] TCP_DENIED/407 on all requests

From: Dustin Butler <dustin@dont-contact.us>
Date: Tue, 30 Jan 2001 12:32:44 -0700

I can't seem to find why I'm getting TCP_DENIED/407 messages in access.log.
Whenever I comment out the http_access allow all line in the following
squid.conf file I will get all TCP_DENIED on every request. The
squid_pam_auth program is working at I can authenticate properly from the
shell using it. I found one thread talking about this problem and that a
solution was not found (included), I'm wondering is there is anymore
information on this. I'm running squid-2.2.STABLE4-8

store_avg_object_size 6 KB
authenticate_program /usr/sbin/squid_pam_auth
authenticate_children 2
authenticate_ttl 30
positive_dns_ttl 120 seconds
acl all src
acl manager proto cache_object
acl localhost src
acl localnet src
acl password proxy_auth REQUIRED
acl SSL_ports port 443 563
acl Safe_ports port 80 88 89 21 443 563 70 210 1025-65535

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access allow all
http_access allow localnet password

http_access deny all
icp_access deny all
miss_access allow all
proxy_auth_realm web proxy-cache
logfile_rotate 10

980881595.764 937 TCP_DENIED/407 1411 GET
http://my.yahoo.com/ fcupersmith NONE/- -
980881603.103 1009 TCP_DENIED/407 1516 GET
http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- -
980881603.984 876 TCP_DENIED/407 1516 GET
http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- -
980881652.043 1280 TCP_DENIED/407 1411 GET
http://my.yahoo.com/ fcupersmith NONE/- -

Nate Cull wrote:
> Running a virgin Red Hat 7.0 server as a Squid proxy box
> (squid-2.3STABLE4-1 rpm) with an ACL inclusion list (ie,
> it will only allow connections to a specified list of sites)
> we're getting an odd intermittent problem. At random times
> during the day (this seems to happen every couple of weeks),
> squid will suddenly fall into a state where it rejects EVERY
> http request sent to it (not just ones sent to unauthorised
> sites). We can see this in the logs; suddenly every line becomes
> a TCP_DENIED inst

Seen it in Squid-2.2.STABLE5-hno from time to time, but have not been
able to isolate the cause. For me the some src type ACLs ceased to
function from time to time.

acl localhost src

I cannot remember seeing any changes in Squid which has smelled like
possibly fixing this issue, so I guess the problem is still there

Henrik Nordstrom
Squid hacker
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Jan 30 2001 - 12:33:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:39 MST