Re: [squid-users] Non-authenticated entries in log from Simon Bryan on 2001-03-29 (squid-users)

From: Simon Bryan <sbryan@dont-contact.us>
Date: Fri, 30 Mar 2001 15:17:51 +1000

At 12:41 30/03/2001, you wrote:
>Hi,
>
>On Fri, 30 Mar 2001, Simon Bryan wrote:
>
> > Could this be the source of non-authenticated entries in my logs? The
> > entries actually come from a wide range of addresses.
> >
> > http_access allow manager localhost
> > http_access allow manager cachemanager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access deny !OLMC
> > http_access allow manager !localhost
> > http_access allow manager gatekeeper
> > http_access deny manager
> > http_access allow
> >
> local_servers <------------------------------------------
> > http_access deny !password
> >
> >
> > where local_servers is:
> > acl local_servers dstdomain olmc.nsw.edu.au 192.x.x.y revelation 192.x.x.z
> > gatekeeper 192.x.x.w vortex
> >
> > These are either our domain, or other servers on our network. 192.x.x.z
> > (gatekeeper) is our proxy server but it also runs our webserver. Also I did
> > this a long time ago, should I have to list the machine name as well as the
> > IP in local_servers or should the IP address be sufficient?
>
>You don't say which destinations are being reached by non-authenticated
>users. According to what's above, anyone can go to "localservers" without
>authentication. Without knowing all the acls it is difficult to know
>exactly where the system is falling down. I have a sneaking suspicion
>"deny !OLMC" might be your culprit. I base that suspicion on OLMC being
>the definition of your networks as a source.
>
>Colin
Yes OLMC is:

acl OLMC src 192.0.0.1-192.0.0.254

which is our whole network.

(and yes I know about the IP address being 'illegal' kind of legacy and on
the list of things to do)

and it is a range of destinations, most of them local servers, I am going
to move the password required line in front of local servers to see what
happens.

Simon Bryan
____________________________________
IT Manager
OLMC Parramatta
http://www.olmc.nsw.edu.au
____________________________________
Received on Thu Mar 29 2001 - 22:18:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:02 MST