[squid-users] TCP_DENIED/403 after Upgrading from 3.4.4 to 3.4.7 (ssl_bump enabled)
Amos Jeffries
squid3 at treenet.co.nz
Wed Oct 8 14:21:46 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 9/10/2014 2:09 a.m., Tom Tom wrote:
> I think, this behaviour was introduced with squid 3.4.4.1
> (http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13113.patch).
>
> I don't exactly understand this behaviour. Any hints for this?
Aha. I am guessing it is a combination of:
* the previous ssl-bumped traffic was brokenly finding "invalid"
credentials
* an "empty" regex actually contains .* (is matching anything valid).
Meaning previously the "invalid" credentials would prevent the regex
being even attempted. Now that the credentials validity is fixed the
regex tests out and matches.
Try putting a single entry of "-" in /etc/squid/DENY_USERS_LOCAL.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUNUh6AAoJELJo5wb/XPRjiB8H/25Xb0JN+C2cSUCr09giKZxq
TdjprcHDeTYbJ9/MyRXsN1ZOmGyBP5XF3629+9fblhoqvCgutO2jb0kHbsrV1v9m
CDfs6MhsSF2AEN5tR/4H6ZIKeajBfHZMMsCOhM7BJmajXyhF89T5K2ir4GDuKI2U
9B+6lhuvFxqae8GyGGS2X5//LHpOmej4+Ny8GpY+6F1lLaen/X3prH6qP+2aipNx
jIOiN3kRrGbOACU+KJXyRJpzoCvz0xt9KtBsbQNA5z6W6fs6MhunuLhYve0r1f7n
UxTBTu0OcbI8RrdA9R8fCHgKxRkBwHyT6G/domxIZrGwe8b5r2Xl8F0zzdsSN1I=
=ojpT
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list