[squid-users] debug_options appears to change squid behaviour
Amos Jeffries
squid3 at treenet.co.nz
Mon May 9 07:20:21 UTC 2016
On 9/05/2016 5:19 p.m., Mark Carey wrote:
> Hi,
>
> Running squid 3.1.19-1ubuntu3.12.04.2.
>
Please ugrade. Both your Squid and Ubuntu are very much past their
end-of-life dates.
> acl sefup dst massing-uploads.s3.amazonaws.com
> acl sefairauser src 192.168.10.54/32
> http_access allow sefairauser sefup
> http_access allow CONNECT sefairauser sefup
>
> When run "normally" and my application (or browser) tries to access
> the site I get, TCP_DENIED
>
> 1462769200.720 6 192.168.10.54 TCP_DENIED/403 3737 CONNECT
> massing-uploads.s3.amazonaws.com:443 - NONE/- text/html
>
> If I enable debugging
>
> debug_options 28,1
>
> The application seems to start working
>
> 1462769557.248 10409 192.168.10.54 TCP_MISS/200 4026 CONNECT
> massing-uploads.s3.amazonaws.com:443 - DIRECT/54.231.14.9 -
>
> Now the server owner could be having problems at their end and dishing
> out different responses from different hosts in their pool of hosts in
> their Amazon AWS cloud.
>
> Is there any reason why squid would use different code paths with
> debug_options set?
Not with 28,1.
I expect it is your use of dst ACL type. Domain and host names used in
IP based ACLs are resolved on startup or reconfigure.
Use dstdomain for name-based access control.
Amos
More information about the squid-users
mailing list