On 15/06/2012 11:59 p.m., Chaitanya Shastri wrote:
> Hi All,
> We have a small setup of squid/3.0.STABLE19 along with squidGuard
> as a url re-writer. We have some problem navigating to internal pages
> of Linkedin site.
> Initially, I tried to debug using setting "strip_query_terms off"
> and debug options to 28,5. Then I watched the cache.log file. We have
> a setup such that users are allowed only a certain mime types.
> So I have an acl set for that which defines the allowed mime types:
>
> For Ex: acl mimeallowp rep_mime_type -i ^application/pdf$ ...
>
> Then following that I allow the clients in the localnet to access only
> those mime types:
>
> Ex. http_reply_access allow mimeallowp
>
> And finally I deny all:
>
> http_reply_access deny all
>
> What I got from the log file, browsing internal pages of Linkedin was
> that squid parses all mimeallowp's and then does not find a match and
> simply executes http_reply_access deny all and displays Access Denied
> Page.
>
> When I change the line http_reply_access allow mimeallowp with
> http_reply_access localnet where localnet is an acl defining internal
> subnet, all works fine. But I do not want to allow access to client
> machines to access all the mime type.
>
> I also checked the HTTP Headers using the LiveHeaders plugin. There I
> got that the page I was accessing has a "HTTP/1.0 302 Moved
> Temporarily" header. But when I go through squid server, I get a
> "HTTP/1.0 403 Forbidden" header from squid server itself.
>
> Does that mean that squid server is not being able to handle
> redirections properly?
Uhm, what Content-Type does a non-existent body have?
> What do I do in this situation?
You can permit 302 status, the followup request for an object will go
through your ACL controls anyway.
Amos
Received on Fri Jun 15 2012 - 12:28:13 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 15 2012 - 12:00:04 MDT