[squid-users] error:transaction-end-before-headers
L.P.H. van Belle
belle at bazuin.nl
Wed Aug 26 12:11:33 UTC 2020
Hai,
Just something i noticed..
> auth_param basic program
> /usr/local/libexec/squid/basic_ldap_auth -P -R
> -b dc=lab,dc=local -D cn=squid,cn=users,dc=lab,dc=local -w squid -f
> "(&(objectClass=person)(sAMAccountName=%s))" -v 3 192.168.0.7:389
Change that to:
auth_param basic program
/usr/local/libexec/squid/basic_ldap_auth -P -R
-b dc=lab,dc=local -D cn=squid,cn=users,dc=lab,dc=local -W /etc/squid/ldap-bind-pwdfile
-f "(&(objectClass=person)(sAMAccountName=%s))" -v 3 192.168.0.7:389
-w squid is changed to
-W path/2//etc/squid/ldap-bind-pwdfile_containing_your_password.
Only add your password in there and only give squid read rights.
Why, if someone runs ps, they might catch the squid password your using..
On your question, see also.
https://www.mail-archive.com/squid-users@lists.squid-cache.org/msg19734.html
I cant answer it myself, i dont know.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] Namens Eric F.
> Verzonden: woensdag 26 augustus 2020 13:53
> Aan: squid-users at lists.squid-cache.org
> Onderwerp: [squid-users] error:transaction-end-before-headers
>
> Hi,
>
> I use squid 4.12 with LDAP (Active Directory).
> All works great except sometimes I have the following errors in my
> access.log file :
>
> 1598438527.315 0 192.168.0.50 NONE/000 0 NONE
> error:transaction-end-before-headers - HIER_NONE/- -
>
> How can i correct that ? Any suggestions ?
>
> Below my squid.conf file :
>
> --8<--
>
> acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this"
> network (LAN)
> acl localnet src 10.0.0.0/8 # RFC 1918 local
> private network
> (LAN)
> acl localnet src 100.64.0.0/10 # RFC 6598 shared
> address space
> (CGN)
> acl localnet src 169.254.0.0/16 # RFC 3927 link-local
> (directly
> plugged) machines
> acl localnet src 172.16.0.0/12 # RFC 1918 local
> private network
> (LAN)
> acl localnet src 192.168.0.0/16 # RFC 1918 local
> private network
> (LAN)
> acl localnet src fc00::/7 # RFC 4193 local
> private network
> range
> acl localnet src fe80::/10 # RFC 4291 link-local
> (directly
> plugged) machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
>
> http_access deny !Safe_ports
>
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost manager
> http_access deny manager
>
> acl bad_urls urlpath_regex -i "/etc/squid/bad_urls"
> acl bad_domains dstdomain "/etc/squid/bad_domains"
>
> http_access deny bad_urls
> http_access deny bad_domains
>
> auth_param basic program
> /usr/local/libexec/squid/basic_ldap_auth -P -R
> -b dc=lab,dc=local -D cn=squid,cn=users,dc=lab,dc=local -w squid -f
> "(&(objectClass=person)(sAMAccountName=%s))" -v 3 192.168.0.7:389
>
> acl ldap-auth proxy_auth REQUIRED
> http_access allow ldap-auth
>
> http_access allow localnet
> http_access allow localhost
>
> http_access deny all
>
> http_port 3128
>
> coredump_dir /var/squid/cache
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> cache_mgr informatique at lab.local
>
> -->8--
>
> Thank you very much !
>
> Cheers,
>
> Eric F.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list