Re: [squid-users] Error tcp_negative on web server in DMZ

Hi and thanks for your aid, the problem is in squidGuard !
thanks again.

------
Salvatore.

----- Original Message -----
From: "Chris Robertson" <crobertson@gci.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, November 23, 2005 7:56 PM
Subject: RE: [squid-users] Error tcp_negative on web server in DMZ

> -----Original Message-----
> From: sasa [mailto:sasa@shoponweb.it]
> Sent: Wednesday, November 23, 2005 5:48 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Error tcp_negative on web server in DMZ
>
>
> Hi,
> also with:
>
> acl internalsite dstdomain www.mysite.com
> no_cache deny internalsite

The no_cache directive just prevents Squid from caching received data from a
site. The negative_ttl directive controls "Time-to-Live (TTL) for failed
requests".

>
> .. in the log file I have:
>
> tcp_miss/403 4174 get http://www.mysite.com direct /10.0.0.121
> tcp_negative_hit/403 GET http://www.mysite.com
>
> ..but with parameter no_cache I not use the squid cache or no ??
> thanks again.
>
> ------
> Salvatore.
>
>

I would have to imagine that SquidGuard is doing the blocking in this case,
as I don't see any problems with your Squid ACLs. For what it's worth...

> >>> acl local_net src 10.0.0.0/255.255.255.0
> >>> acl our_networks src 10.0.0.0/24
> >>> http_access allow our_networks
> >>> http_access allow local_net

...is redundant. The local_net and our_networks are two ways of declaring
the same subnet.

Try removing SquidGuard as a cache_peer, restart Squid and see if access to
www.mysite.com works. That will at least narrow the cause of the problem.

Chris
Received on Fri Nov 25 2005 - 02:52:50 MST