IE6
-------------- Original message ----------------------
From: "Amos Jeffries" <squid3@treenet.co.nz>
> > Amos,
> >
> > While I appreciate the input on my config file, do you see anything that
> > would cause it to give me these errors?
> >
> > Here is my wpad.dat:
> >
> > function FindProxyForURL(url,host) {
> > return "PROXY 192.168.1.1:3128";
> > }
>
> Okay. That makes it a problem with the request the browser is sending.
>
> What are you typing into the address bar to get the error?
> Which browser?
>
> Amos
>
> >
> > Here is what I see in the logs:
> >
> > 1205192406.411 0 192.168.1.99 TCP_DENIED/400 1683 GET
> > error:invalid-request - NONE/- text/html [] [HTTP/1.0 400 Bad
> > Request\r\nServer: squid\r\nDate: Mon, 10 Mar 2008 23:40:06
> > GMT\r\nContent-Type: text/html\r\nContent-Length: 1370\r\nExpires: Mon, 10
> > Mar 2008 23:40:06 GMT\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\n\r]
> > 1205192406.415 0 192.168.1.99 TCP_DENIED/400 1811 GET
> > error:invalid-request - NONE/- text/html [] [HTTP/1.0 400 Bad
> > Request\r\nServer: squid\r\nDate: Mon, 10 Mar 2008 23:40:06
> > GMT\r\nContent-Type: text/html\r\nContent-Length: 1498\r\nExpires: Mon, 10
> > Mar 2008 23:40:06 GMT\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\n\r]
> >
> > -------------- Original message ----------------------
> > From: Amos Jeffries <squid3@treenet.co.nz>
> >> ffredrixson@comcast.net wrote:
> >> > I have squid 2.6stable18 on a debian sarge box in non-transparent
> >> mode. I also
> >> > have apache web server setup on this box and it works fine - when the
> >> browser
> >> is
> >> > pre-configured for the proxy.
> >> >
> >> > I have some people come in and use their laptops from time to time so
> >> I need a
> >> > way to automatically direct them to the proxy server. I've read about
> >> wpad.dat
> >> > and proxy.pac and tried setting that up but I always get the
> >> TCP_DENIED/400
> >> > error:invalid-request in the access.log.
> >> >
> >> > When I pre-configure the browser for the proxy, the wpad.dat page
> >> shows me the
> >> > javascript which from what I've read is what it's supposed to do when
> >> I put
> >> the
> >> > URL in the address bar: http://192.168.1.1/wpad.dat.
> >> >
> >> > When I configure the browser to use a automatic configuration script
> >> with that
> >> > URL, I get the TCP_DENIED/400 errors again.
> >> >
> >> > I must be missing something, but I've read everything I could find. Is
> >> it an
> >> acl
> >> > that I'm missing?
> >>
> >> Probably a WPAD-DNS / WPAD-DHCP muckup or something in the .PAC itself.
> >>
> >> >
> >> > Can someone please help me out?
> >> >
> >> > Thank you in advance.
> >> >
> >> > Here is my squid.conf:
> >> >
> >> > memory_pools off
> >> > httpd_suppress_version_string on
> >> > cache_effective_user squid
> >> > cache_effective_group squid
> >>
> >> Better leave the group voodoo to the kernel. Setup the user/group on the
> >> OS properly and its not needed in squid.conf. effective_user is okay if
> >> its not built properly by the package maintainer (But it should be!).
> >>
> >> > http_port 3128
> >> >
> >> > cache_access_log /usr/local/squid/var/logs/access.log
> >>
> >> Thats now: access_log ...
> >>
> >> > cache_log /usr/local/squid/var/logs/cache.log
> >> > mime_table /usr/local/squid/etc/mime.conf
> >> > log_mime_hdrs on
> >> > useragent_log /usr/local/squid/var/logs/useragent.log
> >> >
> >> > url_rewrite_program /usr/local/squid/bin/ufdbgclient -l
> >> > /usr/local/squid/var/logs
> >> > url_rewrite_children 16
> >> >
> >> > #ACL's
> >> > acl all src 0/0
> >>
> >> Make this: acl all src all
> >>
> >> > no_cache deny all
> >>
> >> Make this: cache deny all
> >> (or if you want things cached and bandwidth savings, remove it)
> >>
> >> > acl internal_net src 192.168.1.0/24
> >> >
> >> > acl ok_downloads dstdomain "/var/domains.txt"
> >> >
> >> > acl SSL_ports port 443
> >> > acl CONNECT method CONNECT
> >> >
> >> > http_access allow internal_net
> >>
> >> None of the other http_access will ever match after that line!
> >>
> >> > http_access allow ok_downloads internal_net !
> >> >
> >> > http_reply_access allow internal_net ok_downloads
> >>
> >> Why do this restrictive allow when the next line is a duplicate but more
> >> friendly one?
> >> Better to just allow all replies. Remember Error pages and Access Denied
> >> etc are replies!
> >>
> >> > http_reply_access allow internal_net
> >>
> >> And ok. Good finish.
> >>
> >> > http_access deny all
> >>
> >> Amos
> >> --
> >> Please use Squid 2.6STABLE17+ or 3.0STABLE1+
> >> There are serious security advisories out on all earlier releases.
> >
> >
>
>
Received on Mon Mar 10 2008 - 19:33:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT