LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   so many tcp_denied in Squid access log (https://www.linuxquestions.org/questions/linux-networking-3/so-many-tcp_denied-in-squid-access-log-469574/)

dev_dks 07-31-2006 11:23 PM
so many tcp_denied in Squid access log
 
HI all

I am using squid 2.5 stable 3,Redhat linux enterprise 3 edition,2 GB RAM,120 GB hdd.
Approx 1000 client connects daily to this squid.Client systems having windows 98,windows 2000 and windows xp platform.

I am getting so many..... tcp_denied on this.Is there any solution or any remedie to stop it.

thanks in advance.

Looking for ur co-operation.

Dev

gilead 08-01-2006 12:21 AM
It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.

cjagdish69 09-17-2008 05:19 AM
Tcp_denied/407
 
Sir,

I am also facing the same problem. In my case i think the automated update is failing. Bcos. I am able to login on the SQUID's machine successfully, but through browser (i.e. after applying the squid ip and port in browser) i am not able to login. Here I am getting again the screen of authentication. This is why i am feeling that the automated update is failing.

But i don't know how to start the auto updating. Can you please guide me in this regard.

By the way I am using RHEL 4,SQUID-2.5.STABLE6-3 with squidGuard-1.3.

- JAGDISH.


Quote:
Originally Posted by gilead (Post 2360031)
It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.


All times are GMT -5. The time now is 10:15 AM.