Re: [squid-users] debugging ACLs

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 19 Mar 2008 18:37:03 +1300

paul cooper wrote:
> a follow-on
>
> ive turned up debugging to
> debug_options ALL,1 33,2 28,9
>
> squid.conf has
> hepworth andrew # cat -n /etc/squid/squid.conf |grep ip_user
> 405 external_acl_type ip_user_helper %SRC %LOGIN
> /usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
> hepworth andrew #
> hepworth andrew # cat -n /etc/squid/squid.conf |grep andr
> 563 acl andrew ext_user andrew
> 642 http_access allow andrew
> hepworth andrew #
>
>
> Ive tried in ip_user.conf (LAN IP address for this machine is
> 192.168.0.200 )
>
> 192.168.0.0/24 andrew
> 127.0.0.1 andrew
>
> the relevant bit ( i think) of the output
>
> 2008/03/18 17:26:29| aclMatchAcl: checking 'acl CONNECT method CONNECT'
> 2008/03/18 17:26:29| aclMatchAclList: no match, returning 0
> 2008/03/18 17:26:29| aclCheck: checking 'http_access allow andrew'
> 2008/03/18 17:26:29| aclMatchAclList: checking andrew
> 2008/03/18 17:26:29| aclMatchAcl: checking 'acl andrew ext_user
> andrew'
> 2008/03/18 17:26:29| aclMatchAclList: no match, returning 0
> 2008/03/18 17:26:29| aclCheck: checking 'http_access allow our_networks'
> 2008/03/18 17:26:29| aclMatchAclList: checking our_networks
> 2008/03/18 17:26:29| aclMatchAcl: checking 'acl our_networks src
> 192.168.0.0/24 '
> 2008/03/18 17:26:29| aclMatchIp: '127.0.0.1' NOT found
> 2008/03/18 17:26:29| aclMatchAclList: no match, returning 0
> 2008/03/18 17:26:29| aclCheck: checking 'http_access deny all'
> 2008/03/18 17:26:29| aclMatchAclList: checking all
> 2008/03/18 17:26:29| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> 2008/03/18 17:26:29| aclMatchIp: '127.0.0.1' found
> 2008/03/18 17:26:29| aclMatchAclList: returning 1
>
> so the username authentication seems not to be getting through .
>

Any hint as to which of the many Squid releases available that you are
actually seeing this in?

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Tue Mar 18 2008 - 23:36:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT