Re: [squid-users] Non-authenticated entries in log

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Fri, 30 Mar 2001 12:41:24 +1000 (EST)

Hi,

On Fri, 30 Mar 2001, Simon Bryan wrote:

> Could this be the source of non-authenticated entries in my logs? The
> entries actually come from a wide range of addresses.
>
> http_access allow manager localhost
> http_access allow manager cachemanager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny !OLMC
> http_access allow manager !localhost
> http_access allow manager gatekeeper
> http_access deny manager
> http_access allow
> local_servers <------------------------------------------
> http_access deny !password
>
>
> where local_servers is:
> acl local_servers dstdomain olmc.nsw.edu.au 192.x.x.y revelation 192.x.x.z
> gatekeeper 192.x.x.w vortex
>
> These are either our domain, or other servers on our network. 192.x.x.z
> (gatekeeper) is our proxy server but it also runs our webserver. Also I did
> this a long time ago, should I have to list the machine name as well as the
> IP in local_servers or should the IP address be sufficient?

You don't say which destinations are being reached by non-authenticated
users. According to what's above, anyone can go to "localservers" without
authentication. Without knowing all the acls it is difficult to know
exactly where the system is falling down. I have a sneaking suspicion
"deny !OLMC" might be your culprit. I base that suspicion on OLMC being
the definition of your networks as a source.

Colin
Received on Thu Mar 29 2001 - 19:41:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:02 MST