Re: [squid-users] ACLs help "DENIED, because it matched 'ldapauth'"

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 20 May 2011 02:41:01 +1200

On 20/05/11 01:27, David Touzeau wrote:
> Hi all...
> I need help...
> I would like to understand why squid refuses the SSL upload command using
> 'ldapauth'
>
> Here are the debug events:
>
> 2011/05/19 12:39:17.931| httpParseInit: Request buffer is CONNECT
> lennyleonard.wetransfer.com:443 HTTP/1.0
> Host: lennyleonard.wetransfer.com:443
> 2011/05/19 12:39:17.931| HttpMsg.cc(445) parseRequestFirstLine: parsing
> possible request: CONNECT lennyleonard.wetransfer.com:443 HTTP/1.0
> Host: lennyleonard.wetransfer.com:443
> Host: lennyleonard.wetransfer.com:443
> Host: lennyleonard.wetransfer.com:443
> 2011/05/19 12:39:17.931| urlParse: Split URL
> 'lennyleonard.wetransfer.com:443' into proto='',
> host='lennyleonard.wetransfer.com', port='443', path=''
> Host: lennyleonard.wetransfer.com:443
> 2011/05/19 12:39:17.933| aclMatchDomainList: checking
> 'lennyleonard.wetransfer.com'
> 2011/05/19 12:39:17.933| aclMatchDomainList:
> 'lennyleonard.wetransfer.com' NOT found
> 2011/05/19 12:39:17.933| aclMatchDomainList: checking
> 'lennyleonard.wetransfer.com'
> 2011/05/19 12:39:17.933| aclMatchDomainList:
> 'lennyleonard.wetransfer.com' NOT found
> 2011/05/19 12:39:17.934| aclMatchDomainList: checking
> 'lennyleonard.wetransfer.com'
> 2011/05/19 12:39:17.934| aclMatchDomainList:
> 'lennyleonard.wetransfer.com' NOT found
> 2011/05/19 12:39:17.935| aclRegexData::match: checking
> 'lennyleonard.wetransfer.com:443'
> 2011/05/19 12:39:17.935| The request CONNECT
> lennyleonard.wetransfer.com:443 is DENIED, because it matched 'ldapauth'
> 2011/05/19 12:39:17.935| Access Denied: lennyleonard.wetransfer.com:443
>

There is no Proxy-Authentication with credentials in that request. The
denial should be a "regular" auth 407 challenge.

The auth systems use a different debug_options (section 29) so it does
not show up in the access control (section 28) debug.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Thu May 19 2011 - 14:41:35 MDT
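
Added example, not part of the original message and not Squid's own code: a Python triage over cache.log lines of the shape quoted above, pairing each access verdict with whether the dumped request carried a Proxy-Authorization header. The function name, the result labels, the second log entry and the assumption that 'ldapauth' is a proxy_auth ACL are constructed for illustration.

```python
import re

# Constructed sample: the first request mirrors the excerpt quoted in the post,
# the second (example.org, with credentials) is invented for contrast.
SAMPLE_LOG = """\
2011/05/19 12:39:17.931| httpParseInit: Request buffer is CONNECT lennyleonard.wetransfer.com:443 HTTP/1.0
Host: lennyleonard.wetransfer.com:443
2011/05/19 12:39:17.935| The request CONNECT lennyleonard.wetransfer.com:443 is DENIED, because it matched 'ldapauth'
2011/05/19 12:40:02.110| httpParseInit: Request buffer is CONNECT example.org:443 HTTP/1.0
Host: example.org:443
Proxy-Authorization: Basic REDACTED
2011/05/19 12:40:02.114| The request CONNECT example.org:443 is DENIED, because it matched 'ldapauth'
"""

STAMP = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\| ?(.*)$")
REQ_BUF = re.compile(r"Request buffer is (\S+) (\S+)")
VERDICT = re.compile(r"The request (\S+) (\S+) is (ALLOWED|DENIED), because it matched '([^']*)'")

def triage(log_text, auth_acls):
    """Pair each access verdict with whether that request carried credentials.

    auth_acls: names of ACLs assumed to be of type proxy_auth in squid.conf.
    """
    creds = {}       # (method, target) -> True once Proxy-Authorization is seen
    current = None   # request whose header dump is being read
    findings = []
    for line in log_text.splitlines():
        stamped = STAMP.match(line)
        if not stamped:
            # Header lines of the request dump carry no timestamp of their own.
            if current and line.strip().lower().startswith("proxy-authorization:"):
                creds[current] = True
            continue
        req = REQ_BUF.search(stamped.group(1))
        if req:
            current = (req.group(1), req.group(2))
            creds[current] = False
            continue
        verdict = VERDICT.search(stamped.group(1))
        if verdict:
            method, target, answer, acl = verdict.groups()
            sent = creds.get((method, target), False)
            if answer == "ALLOWED":
                note = "allowed"
            elif acl in auth_acls:
                # No credentials: an ordinary 407 challenge. Otherwise look at section 29.
                note = "check-section-29" if sent else "expect-407-challenge"
            else:
                note = "policy-deny"
            findings.append((target, acl, sent, note))
    return findings
```

Calling `triage(SAMPLE_LOG, {"ldapauth"})` returns one tuple per verdict line; the label for a denial with credentials only says where to look next, since section 28 output alone cannot show why authentication failed.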
