Имеет место быть squid3.0-PRE6, конфигlogfile_rotate 5
emulate_httpd_log yes
server_persistent_connections off
debug_options ALL,1 33,2 28,9auth_param basic program /usr/lib/squid3/ncsa_auth /etc/stc/password
auth_param basic children 2
auth_param basic realm proxy
auth_param basic credentialsttl 2 hoursredirect_program /usr/bin/squidGuard
redirect_children 5
redirector_bypass onacl all src 0.0.0.0/0.0.0.0
cache deny all
acl manager proto cache_objecthttp_port 64.191.11.247:3128
http_port 64.191.11.246:3128acl outcredentials1 src 81.200.xx.xx/255.255.255.255
tcp_outgoing_address 64.xxx.11.xx outcredentials1acl outcredentials2 src 218.173.xx.xx/255.255.255.255
tcp_outgoing_address 64.xxx.11.xx outcredentials2request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
# request_header_access All deny all
acl password proxy_auth outcredentials1 outcredentials2http_access allow password
http_access deny allПри запуске выдает:
2008/05/08 17:47:26.787| acl_access::containsPURGE: invoked for 'http_access allow password'
2008/05/08 17:47:26.787| acl_access::containsPURGE: can't create tempAcl
2008/05/08 17:47:26.787| acl_access::containsPURGE: returning falseПроцесс остается, в т.ч. принммается логин/пароль (dummy/dummypass), а в access.log пишется:
1210268895.196 7 81.200.xxx.xx TCP_DENIED_REPLY/403 2317 GET http://opennet.ru/ dummy NONE/- text/htmlВ чем проблема?
>В чем проблема?1 - не следует брать версии PRE! Брать нужно STABLE версии.
2 - плохая манера использовать в акселях такие зарезезвированные слова как password.
3 - Прочитайте еще раз параметры команды proxy_auth и как применять аксель с этой комнадой с другими акселями! Ваши аксели outcredentials1 и outcredentials2, применяемые в proxy_auth - не пришей к кобыле хвост! После proxy_auth должны идти имена юзеров или параметр REQUIRED. Ваши ip адреса тех акселей ему по-банану.# acl aclname proxy_auth username ...
# acl aclname proxy_auth_regex [-i] pattern ...
# # list of valid usernames
# # use REQUIRED to accept any valid username.
# #
# # NOTE: when a Proxy-Authentication header is sent but it is not
# # needed during ACL checking the username is NOT logged
# # in access.log.
# #
# # NOTE: proxy_auth requires a EXTERNAL authentication program
# # to check username/password combinations (see
# # authenticate_program).
# #
# # WARNING: proxy_auth can't be used in a transparent proxy. It
# # collides with any authentication done by origin servers. It may
# # seem like it works at first, but it doesn't.