[squid-users] cache_object denied

From: David Touzeau <david_at_touzeau.eu>
Date: Fri, 04 Jun 2010 01:22:56 +0200

Dear all

i would like to use squidclient in order to get informations from squid
3.1.4

but squid does not want to accept connexions:

mail - - [03/Jun/2010:19:03:05 -0400] "GET cache_object://127.0.0.1/info
HTTP/1.0" 407 3451 TCP_DENIED:NONE
mail - - [03/Jun/2010:19:03:05 -0400] "GET
cache_object://127.0.0.1/counters HTTP/1.0" 407 3467 TCP_DENIED:NONE

here is is my config , what's wrong ? :

auth_param basic program /usr/lib/squid3/squid_ldap_auth -b
"dc=my-domain,dc=com" -D "cn=admin,dc=my-domain,dc=com" -w ***** -f
"(&(objectClass=userAccount)(uid=%s))" -v 3 -h 127.0.0.1
#--------- GLOBAL
external_acl_type ldap_group %LOGIN /usr/lib/squid3/squid_ldap_group -D
"cn=admin,dc=my-domain,dc=com" -w ****** -b "dc=my-domain,dc=com" -f
"(&(objectClass=posixGroup)(gidNumber=%a)(memberUid=%v))" -S -v 3 -h
127.0.0.1
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
auth_param basic credentialsttl 2 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds

acl malware_block_list url_regex -i "/etc/squid3/malwares.acl"
acl blockedsites url_regex "/etc/squid3/squid-block.acl"
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/32
acl CONNECT method CONNECT
acl manager proto cache_object
acl office_network src 192.168.1.0/24
acl group_password external ldap_group

acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 22 #ssh
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 1863 #msn
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 631 #cups
acl Safe_ports port 873 #rsync
acl Safe_ports port 901 #SWAT#
http_access allow localhost
http_access allow manager localhost
http_access deny malware_block_list
http_access deny blockedsites
http_access allow ldapauth
http_access allow group_password
http_access allow office_network
http_access deny !Safe_ports
http_access deny all

best regards
Received on Thu Jun 03 2010 - 23:23:06 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 04 2010 - 12:00:04 MDT