[squid-users] Squid bind each outgoing ip to a user?

jyliu liujy0208 at gmail.com
Sun Apr 7 07:01:14 UTC 2019


Thanks for replying so quickly! I really appreciate it!

I am very new to Squid (start a week ago) so I probably will make dumb
mistakes.

I just search this forum and find another post similar to my problem, and
your answer is:
>http_port xxx.xxx.xxx.14:3128 name=0
>acl ip1 myportname 0
>tcp_outgoing_address xxx.xxx.xxx.14 ip1

Is this the same as what I am previously doing?
> http_port 3128 
> acl ip1 myip xxx.xxx.xxx.14 
> tcp_outgoing_address xxx.xxx.xxx.14 ip1 



I check access.log it returns 407:
TCP_DENIED/407 3710 GET http://www.google.com/ test HIER_NONE/- text/html

I am not sure how to put -d in squid.conf helper...But I add those
debug_options.

And here is cache.log file:
19/04/07 02:54:03.585 kid1| Eui48.cc(204) lookup: id=0x1b94b94 query ARP
table
2019/04/07 02:54:03.586 kid1| Eui48.cc(247) lookup: id=0x1b94b94 query ARP
on each interface (280 found)
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface lo
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0
2019/04/07 02:54:03.586 kid1| Eui48.cc(262) lookup: id=0x1b94b94 looking up
ARP address for 209.166.109.90 on eth0
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0:0
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0:1
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0:2
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0:3
2019/04/07 02:54:03.586 kid1| Eui48.cc(253) lookup: id=0x1b94b94 found
interface eth0:4
2019/04/07 02:54:03.586 kid1| Eui48.cc(541) lookup: id=0x1b94b94
209.166.109.90 NOT found
2019/04/07 02:54:03.586 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fff1c681000
2019/04/07 02:54:03.586 kid1| Checklist.cc(189) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fff1c681000
2019/04/07 02:54:03.586 kid1| client_side.cc(2408) parseHttpRequest: HTTP
Client local=204.188.217.14:3128 remote=209.166.109.90:55394 FD 9 flags=1
2019/04/07 02:54:03.586 kid1| client_side.cc(2409) parseHttpRequest: HTTP
Client REQUEST:
---------
GET http://www.google.com/ HTTP/1.1
Host: www.google.com
Proxy-Authorization: Basic dGVzdDp0ZXN0
User-Agent: curl/7.58.0
Accept: */*
Proxy-Connection: Keep-Alive


----------
2019/04/07 02:54:03.587 kid1| Checklist.cc(62) preCheck: 0x1777988 checking
slow rules
2019/04/07 02:54:03.587 kid1| Acl.cc(157) matches: checking http_access
2019/04/07 02:54:03.587 kid1| Acl.cc(157) matches: checking http_access#1
2019/04/07 02:54:03.587 kid1| Acl.cc(157) matches: checking !ncsa_users
2019/04/07 02:54:03.587 kid1| Acl.cc(157) matches: checking ncsa_users
2019/04/07 02:54:03.587 kid1| AclProxyAuth.cc(143) checkForAsync: checking
password via authenticator
2019/04/07 02:54:03.587 kid1| Starting new basicauthenticator helpers...
2019/04/07 02:54:03.588 kid1| Acl.cc(62) AuthenticateAcl: returning 2
sending credentials to helper.
2019/04/07 02:54:03.588 kid1| Acl.cc(177) matches: checked: ncsa_users = -1
async
2019/04/07 02:54:03.588 kid1| Acl.cc(177) matches: checked: !ncsa_users = -1
async
2019/04/07 02:54:03.588 kid1| Acl.cc(177) matches: checked: http_access#1 =
-1 async
2019/04/07 02:54:03.588 kid1| Acl.cc(177) matches: checked: http_access = -1
async
2019/04/07 02:54:03.602 kid1| InnerNode.cc(87) resumeMatchingAt: checking
http_access at 0
2019/04/07 02:54:03.602 kid1| InnerNode.cc(87) resumeMatchingAt: checking
http_access#1 at 0
2019/04/07 02:54:03.602 kid1| InnerNode.cc(87) resumeMatchingAt: checking
!ncsa_users at 0
2019/04/07 02:54:03.602 kid1| Acl.cc(157) matches: checking ncsa_users
2019/04/07 02:54:03.602 kid1| Acl.cc(359) cacheMatchAcl: ACL::cacheMatchAcl:
miss for 'ncsa_users'. Adding result 1
2019/04/07 02:54:03.602 kid1| Acl.cc(177) matches: checked: ncsa_users = 1
2019/04/07 02:54:03.602 kid1| InnerNode.cc(90) resumeMatchingAt: checked:
!ncsa_users = 0
2019/04/07 02:54:03.602 kid1| InnerNode.cc(90) resumeMatchingAt: checked:
http_access#1 = 0
2019/04/07 02:54:03.602 kid1| Acl.cc(157) matches: checking http_access#2
2019/04/07 02:54:03.602 kid1| Acl.cc(157) matches: checking userIp
2019/04/07 02:54:03.602 kid1| Acl.cc(177) matches: checked: userIp = -1
async
2019/04/07 02:54:03.602 kid1| Acl.cc(177) matches: checked: http_access#2 =
-1 async
2019/04/07 02:54:03.602 kid1| InnerNode.cc(90) resumeMatchingAt: checked:
http_access = -1 async
2019/04/07 02:54:03.602 kid1| InnerNode.cc(87) resumeMatchingAt: checking
http_access at 1
2019/04/07 02:54:03.602 kid1| InnerNode.cc(87) resumeMatchingAt: checking
http_access#2 at 0
2019/04/07 02:54:03.602 kid1| Acl.cc(157) matches: checking userIp
2019/04/07 02:54:03.602 kid1| Acl.cc(177) matches: checked: userIp = 0
2019/04/07 02:54:03.602 kid1| InnerNode.cc(90) resumeMatchingAt: checked:
http_access#2 = 0
2019/04/07 02:54:03.602 kid1| InnerNode.cc(90) resumeMatchingAt: checked:
http_access = 0
2019/04/07 02:54:03.602 kid1| Checklist.cc(378) calcImplicitAnswer:
0x1777988 NO match found, last action ALLOWED so returning DENIED
2019/04/07 02:54:03.602 kid1| Checklist.cc(55) markFinished: 0x1777988
answer DENIED for implicit rule won
2019/04/07 02:54:03.602 kid1| Checklist.cc(155) checkCallback:
ACLChecklist::checkCallback: 0x1777988 answer=DENIED
2019/04/07 02:54:03.602 kid1| Gadgets.cc(103) aclIsProxyAuth:
aclIsProxyAuth: called for userIp
2019/04/07 02:54:03.603 kid1| Gadgets.cc(108) aclIsProxyAuth:
aclIsProxyAuth: returning 1
2019/04/07 02:54:03.603 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fff1c680c30
2019/04/07 02:54:03.603 kid1| Checklist.cc(189) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fff1c680c30
2019/04/07 02:54:03.603 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fff1c680a90
2019/04/07 02:54:03.603 kid1| Checklist.cc(189) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fff1c680a90
2019/04/07 02:54:03.603 kid1| client_side.cc(1460) sendStartOfMessage: HTTP
Client local=204.188.217.14:3128 remote=209.166.109.90:55394 FD 9 flags=1
2019/04/07 02:54:03.603 kid1| client_side.cc(1461) sendStartOfMessage: HTTP
Client REPLY:
---------
HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.4.14
Mime-Version: 1.0
Date: Sun, 07 Apr 2019 06:54:03 GMT
Content-Type: text/html
Content-Length: 3234
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
X-Cache: MISS from mx3.dealsbay.org
X-Cache-Lookup: NONE from mx3.dealsbay.org:3128
Via: 1.1 mx3.dealsbay.org (squid/3.4.14)
Connection: keep-alive


----------
2019/04/07 02:54:03.603 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x1777988
2019/04/07 02:54:03.603 kid1| Checklist.cc(189) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x1777988
2019/04/07 02:54:03.604 kid1| Checklist.cc(62) preCheck: 0x7fff1c680d20
checking fast ACLs
2019/04/07 02:54:03.604 kid1| Acl.cc(157) matches: checking access_log
daemon:/var/log/squid/access.log
2019/04/07 02:54:03.604 kid1| Acl.cc(157) matches: checking (access_log
daemon:/var/log/squid/access.log line)
2019/04/07 02:54:03.604 kid1| Acl.cc(177) matches: checked: (access_log
daemon:/var/log/squid/access.log line) = 1
2019/04/07 02:54:03.604 kid1| Acl.cc(177) matches: checked: access_log
daemon:/var/log/squid/access.log = 1
2019/04/07 02:54:03.604 kid1| Checklist.cc(55) markFinished: 0x7fff1c680d20
answer ALLOWED for match
2019/04/07 02:54:03.604 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fff1c680d20
2019/04/07 02:54:03.604 kid1| Checklist.cc(189) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fff1c680d20



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list