so many tcp_denied in Squid access log

dev_dks · 07-31-2006, 11:23 PM

HI all

I am using squid 2.5 stable 3,Redhat linux enterprise 3 edition,2 GB RAM,120 GB hdd.
Approx 1000 client connects daily to this squid.Client systems having windows 98,windows 2000 and windows xp platform.

I am getting so many..... tcp_denied on this.Is there any solution or any remedie to stop it.

thanks in advance.

Looking for ur co-operation.

Dev

gilead · 08-01-2006, 12:21 AM

It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.

cjagdish69 · 09-17-2008, 05:19 AM

Sir,

I am also facing the same problem. In my case i think the automated update is failing. Bcos. I am able to login on the SQUID's machine successfully, but through browser (i.e. after applying the squid ip and port in browser) i am not able to login. Here I am getting again the screen of authentication. This is why i am feeling that the automated update is failing.

But i don't know how to start the auto updating. Can you please guide me in this regard.

By the way I am using RHEL 4,SQUID-2.5.STABLE6-3 with squidGuard-1.3.

- JAGDISH.

Quote:

Originally Posted by gilead

It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.