Re: [squid-users] Squid cannot redirect to an HTTP 302 from Chaitanya Shastri on 2012-06-15 (squid-users)

From: Chaitanya Shastri <chait.shastri_at_gmail.com>
Date: Fri, 15 Jun 2012 18:24:12 +0530

Thanks for a quick reply. We only have a few content types allowed for
the intranet clients. The page which I am trying to access has the
content type application/xml which I
have
already put in the allowed content types.
How do I permit 302 status through squid?
Thanks

On 6/15/12, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 15/06/2012 11:59 p.m., Chaitanya Shastri wrote:
>> Hi All,
>> We have a small setup of squid/3.0.STABLE19 along with squidGuard
>> as a url re-writer. We have some problem navigating to internal pages
>> of Linkedin site.
>> Initially, I tried to debug using setting "strip_query_terms off"
>> and debug options to 28,5. Then I watched the cache.log file. We have
>> a setup such that users are allowed only a certain mime types.
>> So I have an acl set for that which defines the allowed mime types:
>>
>> For Ex: acl mimeallowp rep_mime_type -i ^application/pdf$ ...
>>
>> Then following that I allow the clients in the localnet to access only
>> those mime types:
>>
>> Ex. http_reply_access allow mimeallowp
>>
>> And finally I deny all:
>>
>> http_reply_access deny all
>>
>> What I got from the log file, browsing internal pages of Linkedin was
>> that squid parses all mimeallowp's and then does not find a match and
>> simply executes http_reply_access deny all and displays Access Denied
>> Page.
>>
>> When I change the line http_reply_access allow mimeallowp with
>> http_reply_access localnet where localnet is an acl defining internal
>> subnet, all works fine. But I do not want to allow access to client
>> machines to access all the mime type.
>>
>> I also checked the HTTP Headers using the LiveHeaders plugin. There I
>> got that the page I was accessing has a "HTTP/1.0 302 Moved
>> Temporarily" header. But when I go through squid server, I get a
>> "HTTP/1.0 403 Forbidden" header from squid server itself.
>>
>> Does that mean that squid server is not being able to handle
>> redirections properly?
>
> Uhm, what Content-Type does a non-existent body have?
>
>
>> What do I do in this situation?
>
> You can permit 302 status, the followup request for an object will go
> through your ACL controls anyway.
>
> Amos
>
Received on Fri Jun 15 2012 - 12:54:20 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 16 2012 - 12:00:04 MDT