Re: [squid-users] TCP_MISS/403

From: nick <trykde@dont-contact.us>
Date: Sun, 24 Mar 2002 12:06:47 -0500

For your information, here is what HTTP1.1 has to say about response
code 403:

403 Forbidden

    The server understood the request, but is refusing to fulfill it.
    Authorization will not help and the request SHOULD NOT be repeated.
    If the request method was not HEAD and the server wishes to make
    public why the request has not been fulfilled, it SHOULD describe the
    reason for the refusal in the entity. If the server does not wish to
    make this information available to the client, the status code 404
    (Not Found) can be used instead.

In order for us to better understand your problem, could you provide
more information on:
1) what authorization scheme you are using in the original http server?
2) what's exactly the 403 error message you are receiving from squid?
3) list the acl setting part of your squid.conf

Good luck,
-nick

HEGEDUS, Ervin wrote:
> Hello,
>
> sorry for this post, i know, there are more mail in list
> archive, but i didn't find for me the answer.
>
> sorry for the long mail.
>
> i have a FreeBSD 4.4, Squid 2.5 PRE5, in our Intranet.
> Squid ip's is 10.0.100.251.
>
> Here are two networks, what squid works for: 10.1.0.0/16 and
> 10.0.0.0/16, but second network fragmented more little networks.
> (forexample: 10.0.4.0/24, 10.0.5.0/24...)
>
> every ip connection works correctly, from everywhere. (icmp,
> ssh, etc...)
>
> HTTP connect works correctly from 10.1.0.0/16, but does not
> works for any hosts, here is sample log:
>
> 1016920321.721 1216 10.0.4.60 TCP_MISS/403 ... http://www....
>
> in squid.conf _is_not_ any deny acl. (nothing deny, all acl
> are allow!)
>
> the different between two networks (example: 10.0.4.0 &
> 10.1.0.0) is routing, but here are two traceroute output:
>
> proxy:~# traceroute 10.1.1.30
> traceroute to 10.1.1.30 (10.1.1.30), 30 hops max, 38 byte packets
> 1 10.0.100.249 (10.0.100.249) 1.235 ms 2.031 ms 1.167 ms
> 2 10.0.100.254 (10.0.100.254) 8.940 ms 6.652 ms 2.234 ms
> 3 10.0.100.10 (10.0.100.10) 18.052 ms 10.0.100.5 (10.0.100.5) 47.025 ms 40.766 ms
> 4 10.1.1.30 (10.1.1.30) 48.802 ms 32.628 ms 48.742 ms
> (this works correctly)
>
> proxy:~# traceroute 10.0.4.60
> traceroute to 10.0.4.60 (10.0.4.60), 30 hops max, 38 byte packets
> 1 10.0.100.249 (10.0.100.249) 0.859 ms 0.816 ms 0.966 ms
> 2 10.0.4.60 (10.0.4.60) 0.610 ms 0.655 ms 0.487 ms
>
> or:
>
> proxy:~# traceroute 10.0.13.11
> traceroute to 10.0.13.11 (10.0.13.11), 30 hops max, 38 byte packets
> 1 10.0.100.249 (10.0.100.249) 0.820 ms 1.850 ms 1.617 ms
> 2 10.0.100.41 (10.0.100.41) 16.440 ms 16.250 ms 16.223 ms
> 3 10.0.13.11 (10.0.13.11) 19.553 ms 17.611 ms 17.794 ms
>
> in first case is a redirect, there is an other router.
>
>
>
> what is the problem?
>
> please help me, it is very hard problem.
>
> thank you:
>
> a.
>
>
>
Received on Sun Mar 24 2002 - 10:00:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:03 MST