Re: [squid-users] external ACL check sporadically failing

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 15 Apr 2003 08:54:30 +0200

Alex Tsalolikhin wrote:
>
> Hi,
>
> Problem: We need to limit access to our Squid installation
> to ~90,000 specified ip addresses.
>
> We've set up an external_acl_type and external acl checker
> to check the ip address against the flat file listing the
> permitted ip addresses, and this mostly works, but not always:
> squid access log occasionally shows TCP_DENIED/403 for IP
> addresses that _are_ in the allow file and that should have
> been let through.
>
> After adding logging to the external acl checker, I see that
> the external acl checker was never queried about the ip addreses
> that got denied.

Odd.. it should have got queried at least once...

Is your problem persistent, or does it help if the user just retries the
request?

There is a known bug in 2.5.STABLE2 where external acl lookups
occationally can give a false negative if there is a second request just
as the acl lookup of another request with the same acl information is
being verified, but I do not know of any bugs where the external helper
is not queried at all.

 
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE2-concurrent_external_acl

Regards
Henrik

-- 
Free Squid-users support provided by Henrik Nordström
<hno@squid-cache.org>
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue Apr 15 2003 - 01:01:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:58 MST