[squid-users] replies are DENIED

From: George Dominguez <GDominguez@dont-contact.us>
Date: Wed, 19 Mar 2003 16:29:41 +1100

In regards to the previous question - on the 10.1.1.4 proxy access logs
here is what I found

2003/03/19 16:23:38| WARNING: Probable misconfigured neighbor at 10.1.4.18
2003/03/19 16:23:38| WARNING: 143 of the last 150 ICP replies are DENIED
2003/03/19 16:23:38| WARNING: No replies will be sent for the next 3600
seconds

Hello everyone,

We have two type of users, those whom are allow direct access onto the
University of Queensland databases, and those whom need to validate them
self's.

In order to achieve the above requirement, we created an acl rule set, the
"exeption-entries" file has the ip's range.
10.1.1.4 is another redhat 8 squid proxy server, 10.1.1.4 nat's through the
firewall, and it's allowed direct access to the University of Queensland
databases.

Here is the acl from my squid.conf:

# If an IP is from the exception-entry list, then
# pass the request to 10.1.1.4 proxy server.
acl StaffNet src "/usr/local/squid/etc/exception-entries"
acl uqlib dstdomain .uq.edu.au
cache_peer 10.1.1.4 parent 3128 3130
cache_peer_access 10.1.1.4 allow StaffNet uqlib
cache_peer_access 10.1.1.4 deny all

It all works fine. With the exception that every now and then I get a phone
call from an exception user telling me that they were prompt to validate.

In order to get around this issue, I run squid -k reconfigure and it all
works again, until, the next telephone call.

Any ideas as to what could be making this service fail every now and then?

Regards
George

=====================================================
Privileged/Confidential Information may be contained in this message. If
you are not the addressee (or responsible for delivery of the message to
the addressee), you may not copy or deliver this message to anyone. In such
a case, you should destroy this message and kindly notify the sender by
reply e-mail. Opinions, conclusions and other information in this message
that do not relate to the official business of my employer shall be
understood as neither given nor endorsed by it.
Received on Tue Mar 18 2003 - 22:26:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:07 MST