RE: [squid-users] TCP_MISS/000 FTP

From: Dawie Pretorius <dawie_at_tradebridge.co.za>
Date: Thu, 4 Mar 2010 08:57:13 +0200

Hello Amos

Thank you, Much appreciated.

Regards,

Dawie Pretorius

Dawie Pretorius wrote:
> Hello
>
> Getting this error "1267609425.628 270 172.16.8.105 TCP_MISS/000 0 GET ftp://XX.XX.XX.XX/ - DIRECT/XX.XX.XX.XX -" and a black page on my web browser when accessing this ftp site.
>
> When using no proxy, the FTP site asks for authentication?
>

Squid versions older than 3.1 were somewhat restricted in their use of auth with
FTP. They would not pass back the headers to trigger HTTP auth properly
and required the user/pass to be in the URL.

Your config shows signs of being in an older Squid, so the fix will be
either using 3.1 or adding the credentials to the FTP URLs.

> Here is my squid.conf:
>
> http_port 0.0.0.0:51313
> cache_peer ZATBIMPROXY02 sibling 3128 0 default login=PASS
> persistent_connection_after_error on
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

Drop that QUERY stuff to improve your dynamic objects caching. A large
portion seem to be cacheable now.

> cache_mem 50 MB
> maximum_object_size 20 MB
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log

Not useful for much beyond debugging:
   cache_store_log none

> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

Missing right here:
   refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

> refresh_pattern . 0 20% 4320
> half_closed_clients off
> acl manager proto cache_object
> acl localnet src XX.XX.XX.XX/12
> acl localhost src 127.0.0.1/255.255.255.255

acl localhost src 127.0.0.1

> acl to_localhost dst 127.0.0.0/8

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

<snip>
> http_access deny CONNECT !SSL_ports
> acl cape_town src XX.XX.XX.XX/255.255.254.0

acl cape_town src XX.XX.XX.XX/23

> http_access allow cape_town
> acl our_networks src XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.254.0 XX.XX.XX.XX/255.255.255.0

acl our_networks src XX.XX.XX.XX/23 XX.XX.XX.XX/23 XX.XX.XX.XX/24

> http_access allow our_networks
> http_access allow localhost
> http_reply_access allow all
> icp_access allow all
> cache_mgr hbops_at_healthbridge.co.za
> visible_hostname ZATBIMPROXY01
> deny_info ERR_ACCESS_DENIED blacklist
> deny_info ERR_ACCESS_DENIED denyfiletypes

ACCESS_DENIED is the default page sent on "http_access deny". There is
no need to specify it explicitly like that.

>
> This FTP does ask for authentication and you cannot log in anonymously. Is this something that I have in my squid.conf or do not have in my squid.conf?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid 3.1.0.17
 
Received on Thu Mar 04 2010 - 06:57:33 MST
