[squid-users] TCP_MISS then TCP_DENIED

From: <peter_at_pshankland.co.uk>
Date: Tue, 29 Jul 2014 18:18:27 +0100

Hi, I have configured a new install of Squid on CentOS 6.5 via yum. I
have followed some of the guides on the Squid wiki to get AD group
authentication working but am getting some strange results when looking
within the access.log.

As you can see from the following log entries, the server, with an
authentication user logged in and browsing to www.google.com, gets a
couple of TCP_MISS/200 entries and then TCP_DENIED/407 before going back
to TCP_MISS/200 again:

1406653633.180 220 172.29.94.15 TCP_MISS/200 3863 CONNECT
ssl.gstatic.com:443 admin_pete DIRECT/74.125.230.119 -
1406653633.180 78 172.29.94.15 TCP_MISS/200 3524 CONNECT
www.google.com:443 admin_pete DIRECT/173.194.41.116 -
1406653633.182 0 172.29.94.15 TCP_DENIED/407 3951 CONNECT
www.google.com:443 - NONE/- text/html
1406653633.185 0 172.29.94.15 TCP_DENIED/407 4280 CONNECT
www.google.com:443 - NONE/- text/html
1406653633.194 0 172.29.94.15 TCP_DENIED/407 3955 CONNECT
ssl.gstatic.com:443 - NONE/- text/html
1406653633.196 0 172.29.94.15 TCP_DENIED/407 4284 CONNECT
ssl.gstatic.com:443 - NONE/- text/html
1406653633.247 72 172.29.94.15 TCP_MISS/200 3862 CONNECT
www.gstatic.com:443 admin_pete DIRECT/74.125.230.127 -
1406653633.249 0 172.29.94.15 TCP_DENIED/407 3955 CONNECT
www.gstatic.com:443 - NONE/- text/html
1406653633.252 0 172.29.94.15 TCP_DENIED/407 4284 CONNECT
www.gstatic.com:443 - NONE/- text/html
1406653633.394 0 172.29.94.15 TCP_DENIED/407 3955 CONNECT
apis.google.com:443 - NONE/- text/html

It is a bit confusing as the web page loads but I get all these denied
logs within access.log.

Could someone help me understand what this means?

Thanks.
Pete.
Received on Tue Jul 29 2014 - 17:18:34 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 30 2014 - 12:00:04 MDT