squid log error TCP_DENIED/407 after weeks of working well
Hi there, I am new to Squid, but I was using a Squid proxy with authentication and it was working just fine; then yesterday it started giving this error: "TCP_DENIED/407".
The authentication params are as follows:
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl my_network_ips src xxx.x.xx.x/24
http_access allow my_network_ips
http_access deny all
Why is this happening, if nobody touched the config or anything else on the server? The server is a CentOS VPS. Could this issue be caused by another root user?
Please, is there any solution to this issue? Let me say that the proxy was working perfectly, and it was used every day only by me.
Any help will be really appreciated in advance.
Thanks for the tip, devilboy09. I did that and just left the allow ACL like this:
acl my_network_ips src xxx.x.xx.x/24
http_access allow my_network_ips
http_access deny all
and still the log file when running this:
tail -f /var/log/squid/access.log
returns TCP_DENIED/407
but I checked the iptables file here:
/etc/sysconfig/iptables
and it was empty. Is that normal? Then I pasted this code:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
and refreshed the iptables-based firewall using this command:
/etc/init.d/iptables restart
All [OK], but "Applying iptables firewall rules" returns FAILED on line 1.
Could this be the issue?
Please note that before this happened, the proxy was always working well. I even contacted the hosting company and they say they haven't changed anything on the server.
Right now, if I run # /etc/init.d/squid restart, the proxy restarts normally ([OK] stopping and starting), but it's not listening to any requests.
I appreciate any help or instructions you can give me. Thanks.
iptables -F
service iptables save
service iptables restart
and try again.
OK, it works for iptables; now it's OK, but if I add the line:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
then it returns FAILED at line 25, so there should be something wrong with that line of code.
Anyway, thanks a lot, devilboy09, for your comments and help. I just checked all the configs again and restarted Squid again; it says [OK] but does not work. It's a shame because it was working so strong and stable. Well, I think I will change my hosting server.
Thanks again, man. If I find anything new I'll let you know.
then it returns FAILED at line 25, so there should be something wrong with that line of code.
Did you add this line manually?
Try adding it with the command and try again.
And you said you flushed the iptables file and got an error on line #25! Did you add any other line besides the one you mentioned? Because when you flush your iptables configuration file, there shouldn't be 25 lines in your file.
Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
But you said there should not be more than 25 lines in iptables. Anyway, I removed the line and flushed again; all was OK, and I restarted Squid, but it still does not work.
One thing: if I stop Squid and make a request in the browser, it returns that the proxy server is not working, but if I start Squid and make a request, it says "sending request" then "Waiting for Site Url", so it's like it's listening but doesn't have access to the internet.
OK, take a look at this:
# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
then I flushed iptables; all was OK
then I restarted Squid; all OK
Then making requests with the browser doesn't work, but AJAX requests do work. Why is that? I realized it because I hit the Edit button on this form to edit the text, which uses AJAX, and I was looking at the log in real time and it works: it pops up the authentication prompt for username and password, then I enter them and the form just appears.
Any idea? So it's working, but only for AJAX requests.
You said that you disabled authentication!
Please disable it again and try again. First of all, we should be sure that you can make requests without authentication, and after that we will solve the problem.
OK, I disabled the authentication and restarted Squid, then I tried again and it doesn't answer, but it's still working on AJAX requests. For example, take a look at these log entries:
Code:
71 190.6.74.155 TCP_DENIED/407 485 HEAD http://oadkqyfiqp/ - NONE/- text/html
1332002613.823 100 190.6.74.155 TCP_DENIED/407 485 HEAD http://dhgccolxgz/ - NONE/- text/html
1332002613.883 59 190.6.74.155 TCP_DENIED/407 485 HEAD http://djeokrkhaa/ - NONE/- text/html
1332002616.719 487 190.6.74.155 TCP_MISS/200 593 POST http://www.linuxquestions.org/questions/ajax.php donstudio DIRECT/75.126.162.205 text/xml
1332030979.125 138 190.6.74.34 TCP_MISS/200 2916 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.65.139 application/vnd.google.safebrowsing-update
1332031018.332 406 190.6.74.34 TCP_MISS/200 5563 POST http://www.linuxquestions.org/questions/ajax.php? - DIRECT/75.126.162.205 text/xml
The last entry is from testing without authentication, and it works only when clicking the Edit button here at LinuxQuestions, on AJAX requests.
Please take a look; this is the ACL section for authentication in the conf file:
Code:
#auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#acl ncsa_users proxy_auth REQUIRED
#http_access allow ncsa_users
acl my_network_ips src xxx.x.xx.x/24
http_access allow my_network_ips
#http_access deny all
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
As you can see, the NCSA authentication is commented out, but it seems Squid still needs authentication to allow access. Am I thinking right?
And on the other hand, if I make an AJAX request it works perfectly.
I don't see any misconfiguration. That's weird!!!
What configuration did you do on your clients? Maybe the problem is there!!!
And are you still getting the TCP_DENIED/407 error?
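An added example, not part of any post in this thread: a small parser for the access.log entries quoted above that groups them by client, result code, whether a username was logged and whether Squid contacted an upstream server. The function and field names are chosen here for illustration, and the code assumes Squid's default native log layout.

```python
from collections import Counter

# Entries copied from the access.log excerpt in the thread; the first entry,
# whose timestamp is cut off there, is left out.
SAMPLE_LOG = """\
1332002613.823 100 190.6.74.155 TCP_DENIED/407 485 HEAD http://dhgccolxgz/ - NONE/- text/html
1332002613.883 59 190.6.74.155 TCP_DENIED/407 485 HEAD http://djeokrkhaa/ - NONE/- text/html
1332002616.719 487 190.6.74.155 TCP_MISS/200 593 POST http://www.linuxquestions.org/questions/ajax.php donstudio DIRECT/75.126.162.205 text/xml
1332030979.125 138 190.6.74.34 TCP_MISS/200 2916 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.65.139 application/vnd.google.safebrowsing-update
1332031018.332 406 190.6.74.34 TCP_MISS/200 5563 POST http://www.linuxquestions.org/questions/ajax.php? - DIRECT/75.126.162.205 text/xml
"""

# Assumption: Squid's default "native" access.log layout, 10 space-separated fields.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "content_type")


def parse_line(line):
    """Return a dict for one access.log line, or None if it does not fit."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if "/" not in rec["result"] or "/" not in rec["hierarchy"]:
        return None
    rec["http_status"] = rec["result"].split("/", 1)[1]
    rec["peer"] = rec["hierarchy"].split("/", 1)[1]
    return rec


def summarize(log_text):
    """Count entries per (client, result, user supplied?, forwarded upstream?)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # truncated or non-native lines are skipped, not guessed at
        has_user = rec["user"] != "-"
        forwarded = rec["peer"] != "-"
        counts[(rec["client"], rec["result"], has_user, forwarded)] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
```

A 407 row with no username and no upstream peer (`NONE/-`) was answered by Squid itself with a proxy-authentication challenge and never forwarded, which is the pattern of the HEAD entries in the excerpt.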