Re: AW: AW: [squid-users] Need help

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 23 Apr 2002 16:47:46 +0200

What do your http_access rules look like?

When this happens http_access continues on the next line as if the user was
not in the list of allowed users.

Regards
Henrik

Rost, Werner wrote:
> More info: There are warning messages in cache.log, but 1 user is able to
> log on to squid at 2 different IPs. This should be rejected by the entries
> "authenticate_ip_ttl = 90 seconds" and "authenticate_ip_ttl_is_strict on"
> in squid.conf
>
> cache.log shows:
>
> 2002/04/23 13:02:20| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:20| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:20| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:20| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:21| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:21| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
> 2002/04/23 13:02:21| aclMatchProxyAuth: user 'schul_2' tries to use multple
> IP addresses!
>
>
>
> access.log shows:
>
> Tue Apr 23 13:02:15 2002 2323 192.125.128.156 TCP_MISS/200 1760 GET
> http://www.google.de/ schul_2 DEFAULT_PARENT/proxy4.mannesmann.de text/html
> Tue Apr 23 13:02:15 2002 552 192.125.128.156 TCP_MISS/200 1331 GET
> http://www.google.com/search? schul_2 DEFAULT_PARENT/proxy4.mannesmann.de
> text/xml
> Tue Apr 23 13:02:20 2002 125 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/ schul_2 NONE/- text/html
> Tue Apr 23 13:02:20 2002 95 192.125.129.84 TCP_IMS_HIT/304 206 GET
> http://www.aldi.de/2_zubeh/menu_n.htm schul_2 NONE/- text/html
> Tue Apr 23 13:02:21 2002 68 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/2_zubeh/start01.htm schul_2 NONE/- text/html
> Tue Apr 23 13:02:21 2002 68 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/2_zubeh/menu_s.htm schul_2 NONE/- text/html
> Tue Apr 23 13:02:21 2002 61 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/1_symb/logo_n.gif schul_2 NONE/- image/gif
> Tue Apr 23 13:02:21 2002 18 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/1_symb/klar.gif schul_2 NONE/- image/gif
> Tue Apr 23 13:02:21 2002 165 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/1_symb/rot.gif schul_2 NONE/- image/gif
> Tue Apr 23 13:02:21 2002 165 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/1_symb/neu.gif schul_2 NONE/- image/gif
> Tue Apr 23 13:02:21 2002 101 192.125.129.84 TCP_IMS_HIT/304 205 GET
> http://www.aldi.de/1_symb/i1_02.gif schul_2 NONE/- image/gif
>
> User schul_2 surfes "google" at ip 192.125.128.156
> At the same time schul_2 surfs "www.aldi.de" at 192.125.129.84.
>
> Authentication: smb_auth - requesting a WIN NT4 PDC.
>
> > Mit freundlichen Grüßen / regards
> > Werner Rost
> >
> > ---------------------------------------------------------------------
> > ZF Boge GmbH
> > Werner Rost
> > IT
> > Friesdorfer Str. 175
> > D-53175 Bonn
> >
> >
> > phone: +49/228/3825 420
> > fax: +49/228/3825 398
> > werner.rost@zfboge.com
> >
> > www.boge-vibrationcontrol.com
> > ---------------------------------------------------------------------
> >
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: Henrik Nordstrom [mailto:hno@marasystems.com]
> > Gesendet am: Dienstag, 23. April 2002 12:02
> > An: Rost, Werner; 'Henrik Nordstrom'
> > Cc: squid-users@squid-cache.org
> > Betreff: Re: AW: [squid-users] Need help
> >
> > And what do you have in access.log?
> >
> > Regards
> > Henrik
> >
> > Rost, Werner wrote:
> > > That does not work for me.
> > >
> > > Our environment: SQUID 2.4 Stable 3
> > > Internet Explorer 5.5
> > >
> > > Entries in squid.conf:
> > >
> > > authenticate_ip_ttl 90 seconds
> > > authenticate_ip_ttl_is_strict on
> > >
> > >
> > > YES, I restarted squid after changing squid.conf.
> > >
> > > > Mit freundlichen Grüßen / regards
> > > > Werner Rost
> >
> > ---------------------------------------------------------------------
> >
> > > > ZF Boge GmbH
> > > > Werner Rost
> > > > IT
> > > > Friesdorfer Str. 175
> > > > D-53175 Bonn
> > > >
> > > >
> > > > phone: +49/228/3825 420
> > > > fax: +49/228/3825 398
> > > > werner.rost@zfboge.com
> > > >
> > > > www.boge-vibrationcontrol.com
> >
> > ---------------------------------------------------------------------
> >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Henrik Nordstrom [mailto:hno@squid-cache.org]
> > > > Gesendet am: Dienstag, 23. April 2002 10:16
> > > > An: Vaibhav Gupta
> > > > Cc: Boosten, Peter; squid-users@squid-cache.org
> > > > Betreff: Re: [squid-users] Need help
> > > >
> > > > Vaibhav Gupta wrote:
> > > > > I have configured this option as
> > > > >
> > > > > authenticate_ip_ttl 5
> > > > >
> > > > > but still I am able to access the net from two machines
> > > >
> > > > using same username.
> > > >
> > > > See also authenticate_ip_ttl_is_strict. The exact result
> >
> > without it
> >
> > > > depends a little on the browser used..
> > > >
> > > > Regards
> > > > Henrik
> > > >
> > > >
> > > > ---------------------------------------------------------
> > > > This Mail has been checked for Viruses
> > > > Attention: Encrypted mails can NOT be checked!
> > > >
> > > > **
> > > >
> > > > Diese Mail wurde auf Viren geprueft
> > > > Hinweis: Verschluesselte mails koennen NICHT auf Viren
> > > > geprueft werden!
> > > > ---------------------------------------------------------
> > >
> > > ---------------------------------------------------------
> > > This Mail has been checked for Viruses
> > > Attention: Encrypted mails can NOT be checked!
> > >
> > > **
> > >
> > > Diese Mail wurde auf Viren geprueft
> > > Hinweis: Verschluesselte mails koennen NICHT auf Viren
> >
> > geprueft werden!
> >
> > > ---------------------------------------------------------
> >
> > ---------------------------------------------------------
> > This Mail has been checked for Viruses
> > Attention: Encrypted mails can NOT be checked!
> >
> > **
> >
> > Diese Mail wurde auf Viren geprueft
> > Hinweis: Verschluesselte mails koennen NICHT auf Viren
> > geprueft werden!
> > ---------------------------------------------------------
>
> ---------------------------------------------------------
> This Mail has been checked for Viruses
> Attention: Encrypted mails can NOT be checked!
>
> **
>
> Diese Mail wurde auf Viren geprueft
> Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden!
> ---------------------------------------------------------
Received on Tue Apr 23 2002 - 08:47:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:39 MST