LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-31-2006, 11:23 PM   #1
dev_dks
LQ Newbie
 
Registered: Jul 2006
Location: INDIA
Distribution: RHEL/SOLARIS 10/UBUNTU/CENTOS
Posts: 13

Rep: Reputation: 1
so many tcp_denied in Squid access log


HI all

I am using squid 2.5 stable 3,Redhat linux enterprise 3 edition,2 GB RAM,120 GB hdd.
Approx 1000 client connects daily to this squid.Client systems having windows 98,windows 2000 and windows xp platform.

I am getting so many..... tcp_denied on this.Is there any solution or any remedie to stop it.

thanks in advance.

Looking for ur co-operation.

Dev
 
Old 08-01-2006, 12:21 AM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.
 
Old 09-17-2008, 05:19 AM   #3
cjagdish69
Member
 
Registered: Oct 2003
Location: Bombay,Maharashtra,India
Posts: 60

Rep: Reputation: 15
Question Tcp_denied/407

Sir,

I am also facing the same problem. In my case i think the automated update is failing. Bcos. I am able to login on the SQUID's machine successfully, but through browser (i.e. after applying the squid ip and port in browser) i am not able to login. Here I am getting again the screen of authentication. This is why i am feeling that the automated update is failing.

But i don't know how to start the auto updating. Can you please guide me in this regard.

By the way I am using RHEL 4,SQUID-2.5.STABLE6-3 with squidGuard-1.3.

- JAGDISH.


Quote:
Originally Posted by gilead View Post
It depends on what the error code after TCP_DENIED is. If you see TCP_DENIED/403 then it's most likely a site blocked by one of Squid's access control lists. You'll have to modify the acl to get rid of these - easy if you're the Squid administrator, not so easy if you're not.

If it's TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn't have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can't access the internet, or their auto-update is failing.

If it's TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong - look at the entries after these and see if there is a successful request.

If it's TCP_DENIED/401 then the page requires authorisation. There's probably an entry after these where they authenticated themselves. If there isn't they probably don't have a username/password for the site - it's not really your problem (unless it's your site).

Those are generalisations, but it's the sort of stuff I get in my logs.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to get squid to stop logging TCP_DENIED entries PirateJack Linux - Software 0 03-15-2006 09:10 AM
website access log - through Squid tsaravan Linux - Networking 4 02-05-2006 09:08 AM
trouble with squid access.log mephitic Linux - Software 0 11-02-2004 11:03 AM
My squid won't fill /var/log/squid/access.log linuxlah Linux - General 5 10-06-2003 10:51 PM
Squid access.log files davebarnes Linux - Networking 1 10-27-2002 04:05 PM


All times are GMT -5. The time now is 02:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration