Squid проблема с правами.

fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Squid проблема с правами.

Сообщение fincherling »

Добрый день,
подскажите пожалуйста настраивал SQUID по инструкции на сайте https://blog.it-kb.ru/2014/06/24/forwar ... d-winbind/
Проблема следующая авторизация через Kerberos работает пользователя домена распознает, а в интернет не пускает, пишет что нет доступа, скорей всего что то делаю не правильно, побывал уже два раза )
Конфигурация Squid

Код: Выделить всё

debug_options ALL,1 33,5 28,5 29,5

# SQUID 3.4.8 Configuration
# -----------------------------------------------------------------------------
#
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------
#
# Negotiate Kerberos and NTLM authentication
auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/conductor.ekt.mbrd.ru@EKT.MBRD.RU
auth_param negotiate children 200 startup=50 idle=10
auth_param negotiate keep_alive off

# Only NTLM authentication
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100 startup=20 idle=5
auth_param ntlm keep_alive off

# Basic authentication via ldap for clients not authenticated via kerberos/ntlm
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b "dc=ekt,dc=mbrd,dc=ru" -D squid3@ekt.mbrd.ru -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h ekt-dc1.ekt.mbrd.ru
auth_param basic children 20
auth_param basic realm "EKT-DC1.EKT.MBRD.RU SQUID Proxy Server Basic authentication!"
auth_param basic credentialsttl 2 hours

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#
# LDAP authorization
external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=ekt,dc=mbrd,dc=ru" -D squid3@ekt.mbrd.ru -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Security Groups,OU=EKT,DC=ekt,DC=mbrd,DC=ru))" -h ekt-dc1.ekt.mbrd.ru
#
acl auth proxy_auth REQUIRED
acl BlockedAccess       external memberof "/etc/squid3/conf_param_groups_blocked.txt"
acl RestrictedAccess    external memberof "/etc/squid3/conf_param_groups_restricted.txt"
acl StandardAccess      external memberof "/etc/squid3/conf_param_groups_standard.txt"
acl FullAccess          external memberof "/etc/squid3/conf_param_groups_full_auth.txt"
acl AnonymousAccess     external memberof "/etc/squid3/conf_param_groups_full_anon.txt"


acl allowedsites        dstdomain "/etc/squid3/conf_param_sites_allowed.txt"
acl blockedsites        dstdomain "/etc/squid3/conf_param_sites_blocked.txt"
acl prioritysites       dstdomain "/etc/squid3/conf_param_sites_priority.txt"
#
acl LocalWUServers    src       "/etc/squid3/conf_param_computers_wsus.txt"
acl GlobalWUSites     dstdomain "/etc/squid3/conf_param_sites_wsus.txt"
#
#
# Squid default ACLs
# ACLs all, manager, localhost, and to_localhost are predefined.
# acl manager proto cache_object
# acl localhost src 127.0.0.1/32 ::1
# acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 172.17.0.0/24    # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
#
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Аllow cachemgr access from localhost and localnet
http_access allow localhost manager
http_access allow localnet manager
http_access deny manager

# Allow direct access to Windows Update
http_access allow GlobalWUSites LocalWUServers

# Allow unrestricted access to prioritysites
http_access allow prioritysites localnet

# Enforce authentication, order of rules is important for authorization levels
http_access deny !auth

# Prevent access to basic auth prompt for BlockedAccess users
http_access deny BlockedAccess all
http_access allow allowedsites localnet
http_access deny RestrictedAccess all
http_access allow AnonymousAccess auth localnet
http_access allow FullAccess auth localnet
http_access deny blockedsites
http_access allow StandardAccess auth localnet

# And finally deny all other access to this proxy
http_access deny all
#
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
#
http_port 172.17.16.94:3128
#
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
#
hierarchy_stoplist cgi-bin ?
forward_max_tries 25
#

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#
# don't log AnonymousAccess
access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess

# OPTIONS FOR TROUBLESHOOTING
# -----------------------------------------------------------------------------
#
cache_log /var/log/squid3/cache.log
coredump_dir /var/spool/squid3

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
#
cache_mgr it@ekt.mtsbank.ru
httpd_suppress_version_string on
visible_hostname SQUID MTSBANK.RU

# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
#
error_directory /usr/share/squid3/errors/ru
error_default_language ru

# DNS OPTIONS
# -----------------------------------------------------------------------------
#
dns_v4_first on


#
#

Код: Выделить всё

2016/12/07 12:35:21.196 kid1| Checklist.cc(62) preCheck: 0xb8fb11a0 checking slow rules
2016/12/07 12:35:21.196 kid1| Acl.cc(157) matches: checking http_access
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking http_access#1
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking !Safe_ports
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking Safe_ports
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: Safe_ports = 1
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: !Safe_ports = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: http_access#1 = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking http_access#2
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking CONNECT
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: CONNECT = 1
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking !SSL_ports
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking SSL_ports
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: SSL_ports = 1
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: !SSL_ports = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: http_access#2 = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking http_access#3
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking localhost
2016/12/07 12:35:21.197 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: localhost = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: http_access#3 = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking http_access#4
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking localnet
2016/12/07 12:35:21.197 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: localnet = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: http_access#4 = 0
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking http_access#5
2016/12/07 12:35:21.197 kid1| Acl.cc(157) matches: checking manager
2016/12/07 12:35:21.197 kid1| RegexData.cc(71) match: aclRegexData::match: checking 'ssl.gstatic.com:443'
2016/12/07 12:35:21.197 kid1| RegexData.cc(82) match: aclRegexData::match: looking for '(^cache_object://)'
2016/12/07 12:35:21.197 kid1| RegexData.cc(82) match: aclRegexData::match: looking for '(^https?://[^/]+/squid-internal-mgr/)'
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: manager = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: http_access#5 = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking http_access#6
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking GlobalWUSites
2016/12/07 12:35:21.198 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.198 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: GlobalWUSites = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: http_access#6 = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking http_access#7
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking prioritysites
2016/12/07 12:35:21.198 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.198 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: prioritysites = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: http_access#7 = 0
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking http_access#8
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking !auth
2016/12/07 12:35:21.198 kid1| Acl.cc(157) matches: checking auth
2016/12/07 12:35:21.198 kid1| UserRequest.cc(373) authenticate: No connection authentication type
2016/12/07 12:35:21.198 kid1| User.cc(68) User: Initialised auth_user '0xb8fa8038'.
2016/12/07 12:35:21.198 kid1| UserRequest.cc(115) UserRequest: initialised request 0xb8faab80
2016/12/07 12:35:21.198 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.198 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.198 kid1| client_side.cc(785) setAuth: Adding connection-auth to local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 from new Negotiate handshake request
2016/12/07 12:35:21.198 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.198 kid1| AclProxyAuth.cc(143) checkForAsync: checking password via authenticator
2016/12/07 12:35:21.198 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.198 kid1| Acl.cc(62) AuthenticateAcl: returning 2 sending credentials to helper.
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: auth = -1 async
2016/12/07 12:35:21.198 kid1| Acl.cc(177) matches: checked: !auth = -1 async
2016/12/07 12:35:21.199 kid1| Acl.cc(177) matches: checked: http_access#8 = -1 async
2016/12/07 12:35:21.199 kid1| Acl.cc(177) matches: checked: http_access = -1 async
2016/12/07 12:35:21.199 kid1| client_side.cc(3046) clientParseRequests: Not parsing new requests, as this request may need the connection
2016/12/07 12:35:21.199 kid1| AsyncJob.cc(146) callEnd: ConnStateData status out: [ job626]
2016/12/07 12:35:21.199 kid1| AsyncCallQueue.cc(53) fireNext: leaving ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=313, buf=0xb8f544c8)
2016/12/07 12:35:21.201 kid1| UserRequest.cc(260) HandleReply: Need to challenge the client with a server token: 'TlRMTVNTUAACAAAABgAGADgAAAAVgoniGOwaL91c1n4AAAAAAAAAAHgAeAA+AAAABgEAAAAAAA9FAEsAVAACAAYARQBLAFQAAQASAEMATwBOAEQAVQBDAFQATwBSAAQAFgBlAGsAdAAuAG0AYgByAGQALgByAHUAAwAqAGMAbwBuAGQAdQBjAHQAbwByAC4AZQBrAHQALgBtAGIAcgBkAC4AcgB1AAcACABqXxF3XFDSAQAAAAA='
2016/12/07 12:35:21.201 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.201 kid1| InnerNode.cc(87) resumeMatchingAt: checking http_access at 7
2016/12/07 12:35:21.201 kid1| InnerNode.cc(87) resumeMatchingAt: checking http_access#8 at 0
2016/12/07 12:35:21.201 kid1| InnerNode.cc(87) resumeMatchingAt: checking !auth at 0
2016/12/07 12:35:21.201 kid1| Acl.cc(157) matches: checking auth
2016/12/07 12:35:21.201 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.202 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.202 kid1| UserRequest.cc(152) authenticate: need to challenge client 'TlRMTVNTUAACAAAABgAGADgAAAAVgoniGOwaL91c1n4AAAAAAAAAAHgAeAA+AAAABgEAAAAAAA9FAEsAVAACAAYARQBLAFQAAQASAEMATwBOAEQAVQBDAFQATwBSAAQAFgBlAGsAdAAuAG0AYgByAGQALgByAHUAAwAqAGMAbwBuAGQAdQBjAHQAbwByAC4AZQBrAHQALgBtAGIAcgBkAC4AcgB1AAcACABqXxF3XFDSAQAAAAA='!
2016/12/07 12:35:21.202 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.202 kid1| Acl.cc(68) AuthenticateAcl: returning 3 sending authentication challenge.
2016/12/07 12:35:21.202 kid1| Checklist.cc(55) markFinished: 0xb8fb11a0 answer AUTH_REQUIRED for AuthenticateAcl exception
2016/12/07 12:35:21.202 kid1| Acl.cc(177) matches: checked: auth = -1
2016/12/07 12:35:21.202 kid1| InnerNode.cc(90) resumeMatchingAt: checked: !auth = -1
2016/12/07 12:35:21.202 kid1| InnerNode.cc(90) resumeMatchingAt: checked: http_access#8 = -1
2016/12/07 12:35:21.202 kid1| InnerNode.cc(90) resumeMatchingAt: checked: http_access = -1
2016/12/07 12:35:21.202 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0xb8fb11a0 answer=AUTH_REQUIRED
2016/12/07 12:35:21.202 kid1| client_side_request.cc(781) clientAccessCheckDone: Proxy Auth Message = <null>
2016/12/07 12:35:21.202 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c754
2016/12/07 12:35:21.202 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c754
2016/12/07 12:35:21.202 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c754
2016/12/07 12:35:21.202 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c754
2016/12/07 12:35:21.203 kid1| store_client.cc(349) doCopy: store_client::doCopy: co: 0, hi: 2133
2016/12/07 12:35:21.203 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.203 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientWriteComplete constructed, this=0xb8cdfb18 [call6906]
2016/12/07 12:35:21.203 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb8fb11a0
2016/12/07 12:35:21.203 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb8fb11a0
2016/12/07 12:35:21.204 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0) [call6906]
2016/12/07 12:35:21.204 kid1| AsyncCallQueue.cc(51) fireNext: entering clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0)
2016/12/07 12:35:21.204 kid1| AsyncCall.cc(30) make: make call clientWriteComplete [call6906]
2016/12/07 12:35:21.204 kid1| client_side.cc(1943) writeComplete: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, sz 2521, err 0, off 2521, len 2133
2016/12/07 12:35:21.204 kid1| client_side.cc(1964) writeComplete: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 Keeping Alive
2016/12/07 12:35:21.204 kid1| client_side.cc(1626) keepaliveNextRequest: ConnnStateData(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1), Context(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1)
2016/12/07 12:35:21.204 kid1| client_side_request.cc(267) ~ClientHttpRequest: httpRequestFree: ssl.gstatic.com:443
2016/12/07 12:35:21.204 kid1| Checklist.cc(62) preCheck: 0xbff3c774 checking fast ACLs
2016/12/07 12:35:21.204 kid1| Acl.cc(157) matches: checking access_log daemon:/var/log/squid3/access.log
2016/12/07 12:35:21.204 kid1| Acl.cc(157) matches: checking (access_log daemon:/var/log/squid3/access.log line)
2016/12/07 12:35:21.204 kid1| Acl.cc(157) matches: checking !AnonymousAccess
2016/12/07 12:35:21.204 kid1| Acl.cc(157) matches: checking AnonymousAccess
2016/12/07 12:35:21.204 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.205 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.205 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.205 kid1| Checklist.cc(115) goAsync: 0xbff3c774 a fast-only directive uses a slow ACL!
2016/12/07 12:35:21.205 kid1| Acl.cc(64) AuthenticateAcl: cannot go async; returning 2
2016/12/07 12:35:21.205 kid1| Checklist.cc(55) markFinished: 0xbff3c774 answer DUNNO for aclMatchExternal exception
2016/12/07 12:35:21.205 kid1| Acl.cc(177) matches: checked: AnonymousAccess = -1
2016/12/07 12:35:21.205 kid1| Acl.cc(177) matches: checked: !AnonymousAccess = -1
2016/12/07 12:35:21.205 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = -1
2016/12/07 12:35:21.205 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = -1
2016/12/07 12:35:21.205 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c774
2016/12/07 12:35:21.205 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c774
2016/12/07 12:35:21.205 kid1| client_side.cc(2998) clientParseRequests: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: attempting to parse
2016/12/07 12:35:21.206 kid1| client_side.cc(1696) keepaliveNextRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: calling conn->readNextRequest()
2016/12/07 12:35:21.206 kid1| client_side.cc(1583) readNextRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 reading next req
2016/12/07 12:35:21.206 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall ConnStateData::requestTimeout constructed, this=0xb8fa9f00 [call6909]
2016/12/07 12:35:21.206 kid1| client_side.cc(258) readSomeData: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: reading request...
2016/12/07 12:35:21.206 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall ConnStateData::clientReadRequest constructed, this=0xb8ce51e0 [call6910]
2016/12/07 12:35:21.206 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0)
2016/12/07 12:35:21.219 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=877, buf=0xb8f544c8) [call6910]
2016/12/07 12:35:21.219 kid1| AsyncCallQueue.cc(51) fireNext: entering ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=877, buf=0xb8f544c8)
2016/12/07 12:35:21.219 kid1| AsyncCall.cc(30) make: make call ConnStateData::clientReadRequest [call6910]
2016/12/07 12:35:21.219 kid1| AsyncJob.cc(117) callStart: ConnStateData status in: [ job626]
2016/12/07 12:35:21.219 kid1| client_side.cc(3059) clientReadRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 size 877
2016/12/07 12:35:21.219 kid1| client_side.cc(2998) clientParseRequests: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: attempting to parse
2016/12/07 12:35:21.220 kid1| client_side.cc(2322) parseHttpRequest: parseHttpRequest: req_hdr = {Host: ssl.gstatic.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Proxy-Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIYAAAAiASIBngAAAAYABgBYAAAADgAOAF4AAAAaABoAbAAAABAAEADAAQAAFYKI4gYBsR0AAAAP8lbbgronMNDmHmnFGIZIWmUAawB0AHUAcwBoAGEAawBvAHYARQBLAFQALQBUAE0ATgAtADgANAA2ADYAOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP+zos1MGF8Dc0zvf7NaLYAQEAAAAAAABqXxF3XFDSAdCDKgdWxN1HAAAAAAIABgBFAEsAVAABABIAQwBPAE4ARABVAEMAVABPAFIABAAWAGUAawB0AC4AbQBiAHIAZAAuAHIAdQADACoAYwBvAG4AZAB1AGMAdABvAHIALgBlAGsAdAAuAG0AYgByAGQALgByAHUABwAIAGpfEXdcUNIBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAAczkE3vvYdX27h5+2ivgbHN3oklNYH/WggxuhTJpW3JCgAQAAAAAAAAAAAAAAAAAAAAAAAJACIASABUAFQAUAAvADEANwAyAC4AMQA3AC4AMQA2AC4AOQA0AAAAAAAAAAAAAAAAAKhetQRTAabjGbTaPGcMTVI=

}
2016/12/07 12:35:21.220 kid1| client_side.cc(2326) parseHttpRequest: parseHttpRequest: end = {
}
2016/12/07 12:35:21.220 kid1| client_side.cc(2330) parseHttpRequest: parseHttpRequest: prefix_sz = 877, req_line_sz = 38
2016/12/07 12:35:21.220 kid1| client_side.cc(2346) parseHttpRequest: parseHttpRequest: Request Header is
Host: ssl.gstatic.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Proxy-Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIYAAAAiASIBngAAAAYABgBYAAAADgAOAF4AAAAaABoAbAAAABAAEADAAQAAFYKI4gYBsR0AAAAP8lbbgronMNDmHmnFGIZIWmUAawB0AHUAcwBoAGEAawBvAHYARQBLAFQALQBUAE0ATgAtADgANAA2ADYAOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABP+zos1MGF8Dc0zvf7NaLYAQEAAAAAAABqXxF3XFDSAdCDKgdWxN1HAAAAAAIABgBFAEsAVAABABIAQwBPAE4ARABVAEMAVABPAFIABAAWAGUAawB0AC4AbQBiAHIAZAAuAHIAdQADACoAYwBvAG4AZAB1AGMAdABvAHIALgBlAGsAdAAuAG0AYgByAGQALgByAHUABwAIAGpfEXdcUNIBBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAAczkE3vvYdX27h5+2ivgbHN3oklNYH/WggxuhTJpW3JCgAQAAAAAAAAAAAAAAAAAAAAAAAJACIASABUAFQAUAAvADEANwAyAC4AMQA3AC4AMQA2AC4AOQA0AAAAAAAAAAAAAAAAAKhetQRTAabjGbTaPGcMTVI=


2016/12/07 12:35:21.220 kid1| client_side.cc(2367) parseHttpRequest: repare absolute URL from 
2016/12/07 12:35:21.220 kid1| client_side.cc(2404) parseHttpRequest: parseHttpRequest: Complete request received
2016/12/07 12:35:21.220 kid1| client_side.cc(3036) clientParseRequests: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: parsed a request
2016/12/07 12:35:21.220 kid1| client_side.cc(2754) clientProcessRequest: URL domain ssl.gstatic.com:443 overrides header Host: ssl.gstatic.com:443
2016/12/07 12:35:21.220 kid1| client_side.cc(925) clientSetKeepaliveFlag: clientSetKeepaliveFlag: http_ver = 1.1
2016/12/07 12:35:21.220 kid1| client_side.cc(927) clientSetKeepaliveFlag: clientSetKeepaliveFlag: method = CONNECT
2016/12/07 12:35:21.220 kid1| client_side.h(108) mayUseConnection: This 0xb8fb34a0 marked 1
2016/12/07 12:35:21.220 kid1| client_side.cc(2510) connNoteUseOfBuffer: conn->in.notYetUsed = 0
2016/12/07 12:35:21.220 kid1| Checklist.cc(62) preCheck: 0xb8fb11a0 checking slow rules
2016/12/07 12:35:21.220 kid1| Acl.cc(157) matches: checking http_access
2016/12/07 12:35:21.220 kid1| Acl.cc(157) matches: checking http_access#1
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking !Safe_ports
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking Safe_ports
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: Safe_ports = 1
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: !Safe_ports = 0
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: http_access#1 = 0
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking http_access#2
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking CONNECT
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: CONNECT = 1
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking !SSL_ports
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking SSL_ports
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: SSL_ports = 1
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: !SSL_ports = 0
2016/12/07 12:35:21.221 kid1| Acl.cc(177) matches: checked: http_access#2 = 0
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking http_access#3
2016/12/07 12:35:21.221 kid1| Acl.cc(157) matches: checking localhost
2016/12/07 12:35:21.222 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: localhost = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: http_access#3 = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking http_access#4
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking localnet
2016/12/07 12:35:21.222 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: localnet = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: http_access#4 = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking http_access#5
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking manager
2016/12/07 12:35:21.222 kid1| RegexData.cc(71) match: aclRegexData::match: checking 'ssl.gstatic.com:443'
2016/12/07 12:35:21.222 kid1| RegexData.cc(82) match: aclRegexData::match: looking for '(^cache_object://)'
2016/12/07 12:35:21.222 kid1| RegexData.cc(82) match: aclRegexData::match: looking for '(^https?://[^/]+/squid-internal-mgr/)'
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: manager = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: http_access#5 = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking http_access#6
2016/12/07 12:35:21.222 kid1| Acl.cc(157) matches: checking GlobalWUSites
2016/12/07 12:35:21.222 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.222 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: GlobalWUSites = 0
2016/12/07 12:35:21.222 kid1| Acl.cc(177) matches: checked: http_access#6 = 0
2016/12/07 12:35:21.223 kid1| Acl.cc(157) matches: checking http_access#7
2016/12/07 12:35:21.223 kid1| Acl.cc(157) matches: checking prioritysites
2016/12/07 12:35:21.223 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.223 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.223 kid1| Acl.cc(177) matches: checked: prioritysites = 0
2016/12/07 12:35:21.223 kid1| Acl.cc(177) matches: checked: http_access#7 = 0
2016/12/07 12:35:21.223 kid1| Acl.cc(157) matches: checking http_access#8
2016/12/07 12:35:21.223 kid1| Acl.cc(157) matches: checking !auth
2016/12/07 12:35:21.223 kid1| Acl.cc(157) matches: checking auth
2016/12/07 12:35:21.223 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.223 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.224 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.224 kid1| AclProxyAuth.cc(143) checkForAsync: checking password via authenticator
2016/12/07 12:35:21.224 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.224 kid1| Acl.cc(62) AuthenticateAcl: returning 2 sending credentials to helper.
2016/12/07 12:35:21.224 kid1| Acl.cc(177) matches: checked: auth = -1 async
2016/12/07 12:35:21.224 kid1| Acl.cc(177) matches: checked: !auth = -1 async
2016/12/07 12:35:21.224 kid1| Acl.cc(177) matches: checked: http_access#8 = -1 async
2016/12/07 12:35:21.224 kid1| Acl.cc(177) matches: checked: http_access = -1 async
2016/12/07 12:35:21.224 kid1| client_side.cc(3046) clientParseRequests: Not parsing new requests, as this request may need the connection
2016/12/07 12:35:21.224 kid1| AsyncJob.cc(146) callEnd: ConnStateData status out: [ job626]
2016/12/07 12:35:21.224 kid1| AsyncCallQueue.cc(53) fireNext: leaving ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=877, buf=0xb8f544c8)
2016/12/07 12:35:21.234 kid1| UserRequest.cc(285) HandleReply: authenticated user ushakov
2016/12/07 12:35:21.235 kid1| User.cc(101) absorb: auth_user '0xb8fa8038*3' into auth_user '0xb8fa4730'.
2016/12/07 12:35:21.235 kid1| User.cc(14) ~User: doing nothing to clear Negotiate scheme data for '0xb8fa8038'
2016/12/07 12:35:21.235 kid1| User.cc(157) ~User: Freeing auth_user '0xb8fa8038'.
2016/12/07 12:35:21.235 kid1| UserRequest.cc(310) HandleReply: Successfully validated user via Negotiate. Username 'ushakov'
2016/12/07 12:35:21.235 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.235 kid1| InnerNode.cc(87) resumeMatchingAt: checking http_access at 7
2016/12/07 12:35:21.235 kid1| InnerNode.cc(87) resumeMatchingAt: checking http_access#8 at 0
2016/12/07 12:35:21.235 kid1| InnerNode.cc(87) resumeMatchingAt: checking !auth at 0
2016/12/07 12:35:21.235 kid1| Acl.cc(157) matches: checking auth
2016/12/07 12:35:21.235 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.235 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.236 kid1| UserRequest.cc(93) valid: Validated. Auth::UserRequest '0xb8faab80'.
2016/12/07 12:35:21.236 kid1| Acl.cc(348) cacheMatchAcl: ACL::cacheMatchAcl: cache hit on acl 'auth' (0xb8b625d8)
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: auth = 1
2016/12/07 12:35:21.236 kid1| InnerNode.cc(90) resumeMatchingAt: checked: !auth = 0
2016/12/07 12:35:21.236 kid1| InnerNode.cc(90) resumeMatchingAt: checked: http_access#8 = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking http_access#9
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking BlockedAccess
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: BlockedAccess = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: http_access#9 = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking http_access#10
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking allowedsites
2016/12/07 12:35:21.236 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.236 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: allowedsites = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: http_access#10 = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking http_access#11
2016/12/07 12:35:21.236 kid1| Acl.cc(157) matches: checking RestrictedAccess
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: RestrictedAccess = 0
2016/12/07 12:35:21.236 kid1| Acl.cc(177) matches: checked: http_access#11 = 0
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking http_access#12
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking AnonymousAccess
2016/12/07 12:35:21.237 kid1| Acl.cc(177) matches: checked: AnonymousAccess = 0
2016/12/07 12:35:21.237 kid1| Acl.cc(177) matches: checked: http_access#12 = 0
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking http_access#13
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking FullAccess
2016/12/07 12:35:21.237 kid1| Acl.cc(177) matches: checked: FullAccess = 0
2016/12/07 12:35:21.237 kid1| Acl.cc(177) matches: checked: http_access#13 = 0
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking http_access#14
2016/12/07 12:35:21.237 kid1| Acl.cc(157) matches: checking blockedsites
2016/12/07 12:35:21.237 kid1| DomainData.cc(131) match: aclMatchDomainList: checking 'ssl.gstatic.com'
2016/12/07 12:35:21.237 kid1| DomainData.cc(135) match: aclMatchDomainList: 'ssl.gstatic.com' NOT found
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: blockedsites = 0
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: http_access#14 = 0
2016/12/07 12:35:21.238 kid1| Acl.cc(157) matches: checking http_access#15
2016/12/07 12:35:21.238 kid1| Acl.cc(157) matches: checking StandardAccess
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: StandardAccess = 0
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: http_access#15 = 0
2016/12/07 12:35:21.238 kid1| Acl.cc(157) matches: checking http_access#16
2016/12/07 12:35:21.238 kid1| Acl.cc(157) matches: checking all
2016/12/07 12:35:21.238 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' found
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: all = 1
2016/12/07 12:35:21.238 kid1| Acl.cc(177) matches: checked: http_access#16 = 1
2016/12/07 12:35:21.238 kid1| InnerNode.cc(90) resumeMatchingAt: checked: http_access = 1
2016/12/07 12:35:21.238 kid1| Checklist.cc(55) markFinished: 0xb8fb11a0 answer DENIED for match
2016/12/07 12:35:21.238 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0xb8fb11a0 answer=DENIED
2016/12/07 12:35:21.238 kid1| Gadgets.cc(103) aclIsProxyAuth: aclIsProxyAuth: called for all
2016/12/07 12:35:21.238 kid1| Gadgets.cc(108) aclIsProxyAuth: aclIsProxyAuth: returning 0
2016/12/07 12:35:21.238 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c754
2016/12/07 12:35:21.238 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c754
2016/12/07 12:35:21.238 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c754
2016/12/07 12:35:21.238 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c754
2016/12/07 12:35:21.239 kid1| store_client.cc(349) doCopy: store_client::doCopy: co: 0, hi: 2660
2016/12/07 12:35:21.239 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientWriteComplete constructed, this=0xb8cdfb18 [call6913]
2016/12/07 12:35:21.239 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb8fb11a0
2016/12/07 12:35:21.240 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb8fb11a0
2016/12/07 12:35:21.240 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0) [call6913]
2016/12/07 12:35:21.240 kid1| AsyncCallQueue.cc(51) fireNext: entering clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0)
2016/12/07 12:35:21.240 kid1| AsyncCall.cc(30) make: make call clientWriteComplete [call6913]
2016/12/07 12:35:21.240 kid1| client_side.cc(1943) writeComplete: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, sz 2812, err 0, off 2812, len 2660
2016/12/07 12:35:21.240 kid1| client_side.cc(1964) writeComplete: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 Keeping Alive
2016/12/07 12:35:21.240 kid1| client_side.cc(1626) keepaliveNextRequest: ConnnStateData(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1), Context(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1)
2016/12/07 12:35:21.240 kid1| client_side_request.cc(267) ~ClientHttpRequest: httpRequestFree: ssl.gstatic.com:443
2016/12/07 12:35:21.240 kid1| Checklist.cc(62) preCheck: 0xbff3c774 checking fast ACLs
2016/12/07 12:35:21.240 kid1| Acl.cc(157) matches: checking access_log daemon:/var/log/squid3/access.log
2016/12/07 12:35:21.240 kid1| Acl.cc(157) matches: checking (access_log daemon:/var/log/squid3/access.log line)
2016/12/07 12:35:21.240 kid1| Acl.cc(157) matches: checking !AnonymousAccess
2016/12/07 12:35:21.241 kid1| Acl.cc(157) matches: checking AnonymousAccess
2016/12/07 12:35:21.241 kid1| Acl.cc(177) matches: checked: AnonymousAccess = 0
2016/12/07 12:35:21.241 kid1| Acl.cc(177) matches: checked: !AnonymousAccess = 1
2016/12/07 12:35:21.241 kid1| Acl.cc(177) matches: checked: (access_log daemon:/var/log/squid3/access.log line) = 1
2016/12/07 12:35:21.241 kid1| Acl.cc(177) matches: checked: access_log daemon:/var/log/squid3/access.log = 1
2016/12/07 12:35:21.241 kid1| Checklist.cc(55) markFinished: 0xbff3c774 answer ALLOWED for match
2016/12/07 12:35:21.241 kid1| FilledChecklist.cc(58) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbff3c774
2016/12/07 12:35:21.242 kid1| Checklist.cc(189) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xbff3c774
2016/12/07 12:35:21.242 kid1| client_side.cc(2998) clientParseRequests: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: attempting to parse
2016/12/07 12:35:21.242 kid1| client_side.cc(1696) keepaliveNextRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: calling conn->readNextRequest()
2016/12/07 12:35:21.242 kid1| client_side.cc(1583) readNextRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 reading next req
2016/12/07 12:35:21.242 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall ConnStateData::requestTimeout constructed, this=0xb8d2a628 [call6916]
2016/12/07 12:35:21.242 kid1| client_side.cc(258) readSomeData: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1: reading request...
2016/12/07 12:35:21.242 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall ConnStateData::clientReadRequest constructed, this=0xb8ce51e0 [call6917]
2016/12/07 12:35:21.242 kid1| AsyncCallQueue.cc(53) fireNext: leaving clientWriteComplete(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8fb34a0)
2016/12/07 12:35:21.254 kid1| AsyncCall.cc(85) ScheduleCall: IoCallback.cc(127) will call ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=0, buf=0xb8f544c8) [call6917]
2016/12/07 12:35:21.254 kid1| AsyncCallQueue.cc(51) fireNext: entering ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1, data=0xb8d2a558, size=0, buf=0xb8f544c8)
2016/12/07 12:35:21.254 kid1| AsyncCall.cc(30) make: make call ConnStateData::clientReadRequest [call6917]
2016/12/07 12:35:21.254 kid1| AsyncJob.cc(117) callStart: ConnStateData status in: [ job626]
2016/12/07 12:35:21.254 kid1| client_side.cc(3059) clientReadRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 size 0
2016/12/07 12:35:21.254 kid1| client_side.cc(3095) clientReadRequest: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 closed?
2016/12/07 12:35:21.254 kid1| client_side.cc(2492) connFinishedWithConn: local=172.17.16.94:3128 remote=172.17.224.101:64335 FD 10 flags=1 closed
2016/12/07 12:35:21.254 kid1| AsyncCall.cc(85) ScheduleCall: comm.cc(942) will call ConnStateData::connStateClosed(FD -1, data=0xb8d2a558) [call6901]
2016/12/07 12:35:21.254 kid1| AsyncJob.cc(146) callEnd: ConnStateData status out: [ job626]
2016/12/07 12:35:21.254 kid1| AsyncCallQueue.cc(53) fireNext: leaving ConnStateData::clientReadRequest(local=172.17.16.94:3128 remote=172.17.224.101:64335 flags=1, data=0xb8d2a558, size=0, buf=0xb8f544c8)
2016/12/07 12:35:21.254 kid1| AsyncCallQueue.cc(51) fireNext: entering ConnStateData::connStateClosed(FD -1, data=0xb8d2a558)
2016/12/07 12:35:21.254 kid1| AsyncCall.cc(30) make: make call ConnStateData::connStateClosed [call6901]
2016/12/07 12:35:21.254 kid1| AsyncJob.cc(117) callStart: ConnStateData status in: [ job626]
2016/12/07 12:35:21.255 kid1| client_side.cc(864) swanSong: local=172.17.16.94:3128 remote=172.17.224.101:64335 flags=1
2016/12/07 12:35:21.255 kid1| client_side.cc(4661) unpinConnection: 
2016/12/07 12:35:21.255 kid1| client_side.cc(835) setAuth: WARNING: Graceful closure on local=172.17.16.94:3128 remote=172.17.224.101:64335 flags=1 due to connection-auth erase from ConnStateData::SwanSong cleanup
2016/12/07 12:35:21.255 kid1| UserRequest.cc(121) ~UserRequest: freeing request 0xb8faab80
2016/12/07 12:35:21.255 kid1| client_side.cc(4426) stopReceiving: receiving error (local=172.17.16.94:3128 remote=172.17.224.101:64335 flags=1): connection-auth removed; old sending error: none
2016/12/07 12:35:21.255 kid1| client_side.cc(895) ~ConnStateData: local=172.17.16.94:3128 remote=172.17.224.101:64335 flags=1
2016/12/07 12:35:21.255 kid1| AsyncCallQueue.cc(53) fireNext: leaving ConnStateData::connStateClosed(FD -1, data=0xb8d2a558)
2016/12/07 12:51:49 kid1| Logfile: opening log stdio:/var/log/squid3/netdb.state
2016/12/07 12:51:49 kid1| Logfile: closing log stdio:/var/log/squid3/netdb.state
2016/12/07 12:51:49 kid1| NETDB state saved; 0 entries, 0 msec
2016/12/07 13:11:47.976 kid1| User.cc(216) cacheCleanup: Cleaning the user cache now
2016/12/07 13:11:47.976 kid1| User.cc(217) cacheCleanup: Current time: 1481098307
2016/12/07 13:11:47.977 kid1| User.cc(230) cacheCleanup: Cache entry:
	Type: 4
	Username: ushakov
	expires: 1481099721
	references: 2
2016/12/07 13:11:47.977 kid1| User.cc(230) cacheCleanup: Cache entry:
	Type: 2
	Username: ushakov
	expires: 1481099500
	references: 2
2016/12/07 13:11:47.977 kid1| User.cc(244) cacheCleanup: Finished cleaning the user cache.
2016/12/07 13:33:29 kid1| Logfile: opening log stdio:/var/log/squid3/netdb.state
2016/12/07 13:33:29 kid1| Logfile: closing log stdio:/var/log/squid3/netdb.state
2016/12/07 13:33:29 kid1| NETDB state saved; 0 entries, 0 msec
2016/12/07 14:11:47.978 kid1| User.cc(216) cacheCleanup: Cleaning the user cache now
2016/12/07 14:11:47.978 kid1| User.cc(217) cacheCleanup: Current time: 1481101907
2016/12/07 14:11:47.978 kid1| User.cc(230) cacheCleanup: Cache entry:
	Type: 4
	Username: ushakov
	expires: 1481099721
	references: 2
2016/12/07 14:11:47.978 kid1| User.cc(233) cacheCleanup: Removing user ushakov from cache due to timeout.
2016/12/07 14:11:47.979 kid1| User.cc(14) ~User: doing nothing to clear Negotiate scheme data for '0xb8fa4730'
2016/12/07 14:11:47.979 kid1| User.cc(157) ~User: Freeing auth_user '0xb8fa4730'.
2016/12/07 14:11:47.979 kid1| User.cc(230) cacheCleanup: Cache entry:
	Type: 2
	Username: ushakov
	expires: 1481099500
	references: 2
2016/12/07 14:11:47.979 kid1| User.cc(233) cacheCleanup: Removing user ushakov from cache due to timeout.
2016/12/07 14:11:47.979 kid1| User.cc(244) cacheCleanup: Finished cleaning the user cache.
2016/12/07 14:11:47.979 kid1| User.cc(14) ~User: doing nothing to clear NTLM scheme data for '0xb8bf70b8'
2016/12/07 14:11:47.979 kid1| User.cc(157) ~User: Freeing auth_user '0xb8bf70b8'.
2016/12/07 14:23:35 kid1| Logfile: opening log stdio:/var/log/squid3/netdb.state
2016/12/07 14:23:35 kid1| Logfile: closing log stdio:/var/log/squid3/netdb.state
2016/12/07 14:23:35 kid1| NETDB state saved; 0 entries, 0 msec
2016/12/07 15:11:47.980 kid1| User.cc(216) cacheCleanup: Cleaning the user cache now
2016/12/07 15:11:47.980 kid1| User.cc(217) cacheCleanup: Current time: 1481105507
2016/12/07 15:11:47.980 kid1| User.cc(244) cacheCleanup: Finished cleaning the user cache.
2016/12/07 15:13:43 kid1| Logfile: opening log stdio:/var/log/squid3/netdb.state
2016/12/07 15:13:43 kid1| Logfile: closing log stdio:/var/log/squid3/netdb.state
2016/12/07 15:13:43 kid1| NETDB state saved; 0 entries, 0 msec
Последний раз редактировалось fincherling 08 дек 2016 05:24, всего редактировалось 1 раз.
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

Нашел ошибку: не правильно был указан путь к группа поменял на:
# LDAP authorization
external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=ekt,dc=mbrd,dc=ru" -D squid3@ekt.mbrd.ru -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=EKT,OU=Groups,OU=Security Groups,DC=ekt,DC=mbrd,DC=ru))" -h ekt-dc1.ekt.mbrd.ru



Но после изменения все ровно в интернет не пускает.
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

Прошу помощи!
Аватара пользователя
Алексей Максимов
Администратор сайта
Сообщения: 572
Зарегистрирован: 14 сен 2012 06:50
Откуда: г.Сыктывкар
Контактная информация:

Re: Squid проблема с правами.

Сообщение Алексей Максимов »

Первое, что вижу:
acl localnet src 172.17.0.0/24 # RFC1918 possible internal network
и
2016/12/07 12:35:21.197 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: localnet = 0

Дальше, наверно, и смысла смотреть нету.
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

Исправил сети
acl localnet src 172.17.16.0/24 # RFC1918 possible internal network
acl localnet src 172.17.244.0/24 # RFC1918 possible internal network
Подскажите пожалуйста не совсем понятно почему появляется эта ошибка ?
2016/12/07 12:35:21.197 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:64335' NOT found
2016/12/07 12:35:21.197 kid1| Acl.cc(177) matches: checked: localnet = 0
Аватара пользователя
Алексей Максимов
Администратор сайта
Сообщения: 572
Зарегистрирован: 14 сен 2012 06:50
Откуда: г.Сыктывкар
Контактная информация:

Re: Squid проблема с правами.

Сообщение Алексей Максимов »

Потому что 172.17.224.101 это адрес не входящий в сеть 172.17.0.0/24
Попробуйте использовать более широкие сети, в которые входят ваши клиенты, например 172.16.0.0/12
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

Изменил подсеть на
acl localnet src 172.0.0.0/8 # RFC1918 possible internal network
перезапустил сервер выходят теже саые ошибки



2016/12/08 13:35:07.648 kid1| Acl.cc(157) matches: checking localhost
2016/12/08 13:35:07.648 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:54089' NOT found
2016/12/08 13:35:07.648 kid1| Acl.cc(177) matches: checked: localhost = 0
2016/12/08 13:35:07.648 kid1| Acl.cc(177) matches: checked: http_access#3 = 0
2016/12/08 13:35:07.649 kid1| Acl.cc(157) matches: checking http_access#4
2016/12/08 13:35:07.649 kid1| Acl.cc(157) matches: checking localnet
2016/12/08 13:35:07.649 kid1| Ip.cc(560) match: aclIpMatchIp: '172.17.224.101:54089' found
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

подскажите куда копать, могу прислать полный лог. :cry:
Аватара пользователя
Алексей Максимов
Администратор сайта
Сообщения: 572
Зарегистрирован: 14 сен 2012 06:50
Откуда: г.Сыктывкар
Контактная информация:

Re: Squid проблема с правами.

Сообщение Алексей Максимов »

Можете вложить в виде вложения здесь, чтобы вся фактура проблемы была в одном месте.
fincherling
Любопытный
Сообщения: 17
Зарегистрирован: 07 дек 2016 07:47

Re: Squid проблема с правами.

Сообщение fincherling »

Прикрепил лог сквида.
https://drive.google.com/open?id=0B4Oid ... GVlS3ZNRVU
Ответить

Вернуться в «Прокси-сервер Squid»