[squid-users] Intermittent TCP_DENIED

From: David Parks <davidparks21_at_yahoo.com>
Date: Sun, 19 Sep 2010 12:37:38 -0700

I've simplified things as far as I can think to and still get what appear to
be random TCP_DENIED/407 errors after I've been authenticated.

Using Squid 2.7 STABLE 9, I'm now just using the digest_pw_auth
authenticator with a single user pw file of test:test.

If I turn off authentication there's no problem. But with authentication on
I can't get much further than a page or two of sites like Yahoo.com or
LATimes.com (sites with many resources) before I get a 407.

I've run some Wireshark captures and could post the HTTP header
request/responses if that helps any. I don't know the digest authentication
protocol well enough to follow all the nonce transitions and all of that to
see if it's a problem.

Here is my squid.conf in hopes that someone might have some ideas on
direction I could take in debugging this.

Is there any way to get more info from Squid about why it's throwing 407s?

_________________________________________________________________
auth_param digest realm US Proxy
auth_param digest program /usr/local/squid/libexec/digest_pw_auth /tmp/pwfile
auth_param digest children 5
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl all src all
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl authenticated proxy_auth REQUIRED

http_access allow authenticated
http_access deny all
icp_access allow localnet
icp_access deny all

http_port 80
hierarchy_stoplist cgi-bin ?

cache_dir ufs /mnt/sda2/cache-squid 100 16 256
logformat custom_verbose User[%un] TotalBytes[%st] ClientIP[%>a] LocalPort[%lp] SquidStatus[%Ss] URL[%ru] Time[%{%Y-%m-%d %H}tg:00:00] HttpStatus[%Hs]
access_log /mnt/sda2/logs-squid/accesslog/access.log custom_verbose
cache_store_log /mnt/sda2/logs-squid/store.log
pid_filename /mnt/sda2/logs-squid/squid.pid
cache_log /mnt/sda2/logs-squid/cache.log
coredump_dir /mnt/sda2/logs-squid/core-dumps

cache_effective_user squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
Received on Sun Sep 19 2010 - 19:37:46 MDT
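
An added example, not part of the original post: a Python script that reads access.log lines in the custom_verbose format from the squid.conf above and counts, per client IP, how many allowed requests fall between consecutive TCP_DENIED/407 entries. A constant count would point at a count-based limit (compare it with nonce_max_count 50); the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Mirrors the custom_verbose logformat from the squid.conf in the post.
# The URL group is greedy so URLs that contain ']' still parse.
LINE_RE = re.compile(
    r"User\[(?P<user>[^\]]*)\] TotalBytes\[(?P<bytes>\d+)\] "
    r"ClientIP\[(?P<ip>[^\]]*)\] LocalPort\[(?P<port>\d+)\] "
    r"SquidStatus\[(?P<squid>[^\]]*)\] URL\[(?P<url>.*)\] "
    r"Time\[(?P<time>[^\]]*)\] HttpStatus\[(?P<http>\d+)\]$"
)

def allowed_runs(lines):
    """Per client IP, count non-407 requests between consecutive 407 denials."""
    runs = defaultdict(list)
    current = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a custom_verbose line
        ip = m["ip"]
        if m["squid"] == "TCP_DENIED" and m["http"] == "407":
            runs[ip].append(current[ip])  # close the run that preceded this 407
            current[ip] = 0
        else:
            current[ip] += 1
    return dict(runs)

def constant_run(counts):
    """Heuristic: run length if every run after the first challenge is equal, else None."""
    later = counts[1:]
    return later[0] if later and len(set(later)) == 1 else None

def _line(user, squid, http, url):
    # Constructed sample line, not taken from a real log.
    return (f"User[{user}] TotalBytes[512] ClientIP[192.168.1.10] LocalPort[80] "
            f"SquidStatus[{squid}] URL[{url}] Time[2010-09-19 19:00:00] HttpStatus[{http}]")

SAMPLE = (
    [_line("-", "TCP_DENIED", 407, "http://example.com/")]
    + [_line("test", "TCP_MISS", 200, f"http://example.com/img[{i}].png") for i in range(3)]
    + [_line("test", "TCP_DENIED", 407, "http://example.com/a.css")]
    + [_line("test", "TCP_MISS", 200, f"http://example.com/js/{i}.js") for i in range(3)]
    + [_line("test", "TCP_DENIED", 407, "http://example.com/b.css")]
)

if __name__ == "__main__":
    for ip, counts in allowed_runs(SAMPLE).items():
        print(ip, counts, "constant run:", constant_run(counts))
```

To use it on a real log, pass an open file handle for access.log to allowed_runs() instead of SAMPLE.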