RE: [squid-users] Error tcp_negative on web server in DMZ from Chris Robertson on 2005-11-23 (squid-users)

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 23 Nov 2005 09:56:31 -0900

> -----Original Message-----
> From: sasa [mailto:sasa@shoponweb.it]
> Sent: Wednesday, November 23, 2005 5:48 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Error tcp_negative on web server in DMZ
>
>
> Hi,
> also with:
>
> acl internalsite dstdomain www.mysite.com
> no_cache deny internalsite

The no_cache directive just prevents Squid from caching received data from a site. The negative_ttl directive controls "Time-to-Live (TTL) for failed requests".

>
> .. in the log file I have:
>
> tcp_miss/403 4174 get http://www.mysite.com direct /10.0.0.121
> tcp_negative_hit/403 GET http://www.mysite.com
>
> ..but with parameter no_cache I not use the squid cache or no ??
> thanks again.
>
> ------
> Salvatore.
>
>

I would have to imagine that SquidGuard is doing the blocking in this case, as I don't see any problems with your Squid ACLs. For what it's worth...

> >>> acl local_net src 10.0.0.0/255.255.255.0
> >>> acl our_networks src 10.0.0.0/24
> >>> http_access allow our_networks
> >>> http_access allow local_net

...is redundant. The local_net and our_networks are two ways of declaring the same subnet.

Try removing SquidGuard as a cache_peer, restart Squid and see if access to www.mysite.com works. That will at least narrow the cause of the problem.

Chris
Received on Wed Nov 23 2005 - 11:56:32 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:10 MST