[squid-users] ACL Problem - All Access Denied from yussil@dont-contact.us on 2006-03-22 (squid-users)

From: <yussil@dont-contact.us>
Date: Wed, 22 Mar 2006 14:57:51 GMT

I am getting Access Denied when I try to use SQUID. I am sure that it is an ACL problem, but I cannot figure out where. I cannot figure out why the same URL is both allowed and denied. I did check the FAQ, and other posts, but I cannot find anything that helps me. Maybe I am not looking in the right places, or maybe I am missing something simple. All help is appreciated. I have attached my cache.log file below:

2006/03/21 17:46:34| aclCheckFast: list: 0x80220588
2006/03/21 17:46:34| aclMatchAclList: checking all
2006/03/21 17:46:34| aclMatchAcl: checking 'acl all src 192.255.255.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheckFast: no matches, returning: 1
2006/03/21 17:46:34| aclCheck: checking 'http_access allow localnet'
2006/03/21 17:46:34| aclMatchAclList: checking localnet
2006/03/21 17:46:34| aclMatchAcl: checking 'acl localnet src 192.168.0.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access allow localhost'
2006/03/21 17:46:34| aclMatchAclList: checking localhost
2006/03/21 17:46:34| aclMatchAcl: checking 'acl localhost src 127.0.0.1/255.0.0.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access allow CONNECT SSL_ports'
2006/03/21 17:46:34| aclMatchAclList: checking CONNECT
2006/03/21 17:46:34| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access deny all'
2006/03/21 17:46:34| aclMatchAclList: checking all
2006/03/21 17:46:34| aclMatchAcl: checking 'acl all src 192.255.255.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access allow manager localhost'
2006/03/21 17:46:34| aclMatchAclList: checking manager
2006/03/21 17:46:34| aclMatchAcl: checking 'acl manager proto cache_object'
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access deny manager'
2006/03/21 17:46:34| aclMatchAclList: checking manager
2006/03/21 17:46:34| aclMatchAcl: checking 'acl manager proto cache_object'
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access deny CONNECT !SSL_ports'
2006/03/21 17:46:34| aclMatchAclList: checking CONNECT
2006/03/21 17:46:34| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access allow localhost'
2006/03/21 17:46:34| aclMatchAclList: checking localhost
2006/03/21 17:46:34| aclMatchAcl: checking 'acl localhost src 127.0.0.1/255.0.0.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: checking 'http_access deny all'
2006/03/21 17:46:34| aclMatchAclList: checking all
2006/03/21 17:46:34| aclMatchAcl: checking 'acl all src 192.255.255.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: NO match found, returning 1
2006/03/21 17:46:34| aclCheckCallback: answer=1
2006/03/21 17:46:34| The request GET http://www.msn.com/ is ALLOWED, because it matched 'all'
2006/03/21 17:46:34| aclCheck: checking 'no_cache deny QUERY'
2006/03/21 17:46:34| aclMatchAclList: checking QUERY
2006/03/21 17:46:34| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2006/03/21 17:46:34| aclMatchRegex: checking '/'
2006/03/21 17:46:34| aclMatchRegex: looking for 'cgi-bin'
2006/03/21 17:46:34| aclMatchRegex: looking for '\?'
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheck: NO match found, returning 1
2006/03/21 17:46:34| aclCheckCallback: answer=1
2006/03/21 17:46:34| aclCheckFast: list: (nil)
2006/03/21 17:46:34| aclCheckFast: no matches, returning: 1
2006/03/21 17:46:34| aclCheckFast: list: 0x8041be10
2006/03/21 17:46:34| aclMatchAclList: checking all
2006/03/21 17:46:34| aclMatchAcl: checking 'acl all src 192.255.255.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheckFast: no matches, returning: 0
2006/03/21 17:46:34| aclCheckFast: list: 0x8021f5e0
2006/03/21 17:46:34| aclMatchAclList: checking all
2006/03/21 17:46:34| aclMatchAcl: checking 'acl all src 192.255.255.0/255.255.255.0'
2006/03/21 17:46:34| aclMatchIp: '192.168.165.95' NOT found
2006/03/21 17:46:34| aclMatchAclList: no match, returning 0
2006/03/21 17:46:34| aclCheckFast: no matches, returning: 0
2006/03/21 17:46:34| The reply for GET http://www.msn.com/ is DENIED, because it matched 'all'

________________________________________________________________________
Try Juno Platinum for Free! Then, only $9.95/month!
Unlimited Internet Access with 1GB of Email Storage.
Visit http://www.juno.com/value to sign up today!
Received on Wed Mar 22 2006 - 07:59:58 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST