[squid-users] Cache access denied

From: shacky <shacky83_at_gmail.com>
Date: Fri, 17 Jul 2009 11:46:17 +0200

Hi.
I installed and configured Squid version 3.0.STABLE8 on my Debian
Lenny system with NTLM authentication:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_ttl 1 hour
authenticate_cache_garbage_interval 10 minutes
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers

It works: clients are able to surf the web using the proxy, and
usernames are correctly logged.

The problem is that sometimes the browser asks the user for a
username and password, and they are not accepted even if they
are typed in correctly.
After some attempts the browser shows a "Cache Access Denied" error and
I don't see any errors in access.log, cache.log or store.log.
This problem happens especially with already visited websites.

These are my ACLs and rules:

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.33.0/24

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny to_localhost

http_access allow localhost

http_access deny all

icp_access deny all
htcp_access deny all

Could you help me to solve this problem, please?
Thank you very much!
Bye.
Received on Fri Jul 17 2009 - 09:46:25 MDT
