Hi,
Thanks for you information. We are using ntlm auth, TCP Denied are ok
in this log? In ou log there are many error TCP Denied 407 and I'm not
sure if this is correct...
About second question, we need to use squid only as reporting tools,
how can we ensure that squid doesn't apply any restriction and deny
any connection? We only use squid to generate statistics with sarg.
Thanks
2014-05-20 18:32 GMT+02:00 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 21/05/2014 1:52 a.m., Trenta sis wrote:
>> Hello,
>>
>> I have Debian Squeeze with squid3:
>> ii sarg 2.3.1-1~bpo60+1
>> squid analysis report generator
>> ii squid-langpack 20100628-1
>> Localized error pages for Squid
>> ii squid3 3.1.6-1.2+squeeze2
>> A full featured Web Proxy cache (HTTP proxy)
>> ii squid3-common 3.1.6-1.2+squeeze2
>> A full featured Web Proxy cache (HTTP proxy) - common files
>>
>>
>> And we have some problems with some url, for example there are users
>> that has disconnections when they are editing prezi presentations, in
>> logs error is:
>>
>> 1400591927.068 164 192.168.10.17 TCP_MISS/200 36175 GET
>> http://cdn-a.prezi.com/bin/modules/imagesearch-bbc2d65a304a2344a4239bda263525a92e1eb21c.swf
>> 32847 DIRECT/23.51.75.49 application/x-shockwave-flash
>> 1400591927.173 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT
>> s3.amazonaws.com:443 - NONE/- text/html
>> 1400591927.179 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT
>> s3.amazonaws.com:443 - NONE/- text/html
>> 1400591927.315 0 192.168.10.17 TCP_DENIED/407 4721 GET
>> http://www.google-analytics.com/__utm.gif? - NONE/- text/html
>> 1400591927.320 0 192.168.10.17 TCP_DENIED/407 5032 GET
>> http://www.google-analytics.com/__utm.gif? - NONE/- text/html
>> 1400591927.361 39 192.168.10.17 TCP_MISS/200 525 GET
>> http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9
>> image/gif
>> 1400591927.888 23 192.168.10.17 TCP_MISS/200 525 GET
>> http://www.google-analytics.com/__utm.gif? 32847 DIRECT/173.194.41.9
>> image/gif
>> 1400591927.891 718 192.168.10.17 TCP_MISS/200 3469 POST
>> http://prezi.com/api/token/imagerecommendation/ 32847
>> DIRECT/54.235.184.72 application/json
>> 1400591927.901 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT
>> search.prezi.com:443 - NONE/- text/html
>> 1400591927.904 1 192.168.10.17 TCP_DENIED/407 4048 CONNECT
>> search.prezi.com:443 - NONE/- text/html
>> 1400591928.904 1723 192.168.10.17 TCP_MISS/200 34768 CONNECT
>> s3.amazonaws.com:443 32847 DIRECT/176.32.102.82 -
>> 1400591929.193 21000 192.168.10.17 TCP_MISS/503 5544 POST
>> http://meeting04.prezi.com/ 32847 DIRECT/184.72.217.112 text/html
>> 1400591929.933 0 192.168.10.17 TCP_DENIED/407 4281 GET
>> http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg
>> - NONE/- text/html
>> 1400591929.934 0 192.168.10.17 TCP_DENIED/407 5528 GET
>> http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html
>> 1400591929.936 1 192.168.10.17 TCP_DENIED/407 4592 GET
>> http://s3.amazonaws.com/0103.static.prezi.com/media/d/9/d/435b54a01855f57523aff086e8f19dc72b6a2.jpg
>> - NONE/- text/html
>> 1400591929.937 1 192.168.10.17 TCP_DENIED/407 5839 GET
>> http://0103.static.prezi.com/crossdomain.xml - NONE/- text/html
>> 1400591930.351 414 192.168.10.17 TCP_MISS/200 828 GET
>> http://0103.static.prezi.com/crossdomain.xml 32847
>> DIRECT/75.101.163.113 text/xml
>> 1400591930.552 142 192.168.10.17 TCP_MISS/302 569 GET
>> http://0103.static.prezi.com/thumbnail/330/converted/1/1/a/af15ad4698fd68e3ab40dbfb63f791477916c.jpe
>> 32847 DIRECT/75.101.163.113 text/html
>> 1400591930.561 0 192.168.10.17 TCP_DENIED/407 3737 CONNECT
>> s3.amazonaws.com:443 - NONE/- text/html
>> 1400591930.563 0 192.168.10.17 TCP_DENIED/407 4048 CONNECT
>> s3.amazonaws.com:443 - NONE/- text/html
>>
>> We are using samba-ldap domain and user are using an acl to allow only
>> auths users.
>>
>> Our proxy is only to generate statitics using sarg, we need that squid
>> doesn't make any tcp denied or any restriction, we need to allo all
>> traffic from our internal ip and auth users. How can I do this and
>> solve this problems with prezi?
>
> I dont see any errors in that log.
>
> Your Squid is requiring authentication. This requires the client
> software (prezi) to be capable of authenticating HTTP requests.
>
> From the pattern of two 407 followed by a 200 it appears that you are
> using NTLM authentication. That type of authentication has a 407
> challenge to announce the available auth type(s), a second 407 challenge
> to deliver security keys from the server, then a third request to
> receive final authentication from the client.
>
> We have had a number of bugs in CONNECT handling over the years. I
> suggest you install a later squid3 package the one from Debian Wheezy
> (current stable Debian) repository should work on Squeeze.
>
> Amos
Received on Wed May 21 2014 - 07:18:21 MDT
This archive was generated by hypermail 2.2.0 : Wed May 21 2014 - 12:00:05 MDT