Title: Authentication on transparent proxy?? RESOLVED! Post by: zelemo on Friday 29 May 2009, 06:17:33 am Hi newbie here.
I've got a very frustrating problem on 2.2rc3. Just installed it, and I've set it up for transparent proxy on HTTP. And when I do, every time anyone goes to any web site, I get the message :- The requested URL could not be retrieved While trying to retrieve the URL: <whatever> The following error was encountered: Unable to forward this request at this time. Sorry, you are not currently allowed to request: <whatever> from this cache until you have authenticated yourself. This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: The cache administrator does not allow this cache to make direct connections to origin servers, and All configured parent caches are currently unreachable. It's driving me mad! It shouldn't have any reference to authentication,as it's transparent. If I bypass the proxy, it's fine. The only thing I've done that's not straight "out-of-the-box" is to replace the standard blacklist with the ones in URLblacklist.com. But that shouldn't have any effect. Suggestions gratefully accepted. Thanks. Title: Re: Authentication on transparent proxy?? Post by: inteq on Friday 29 May 2009, 06:19:31 am Have you added anything in the Proxy config that refer to parent proxies?
If so, delete that. Title: Re: Authentication on transparent proxy?? Post by: zelemo on Friday 29 May 2009, 06:51:20 am Nope. The only thing I can find that is even like that refers to "upstream proxies" but I've left that strictly alone. I'm not using any other proxies apart from this one - normal access for web sites is "direct connection" which just uses the default gateway which is the firewall and is meant to use the transparent proxy.
Apart from the urlblacklist, I've touched NO config files - just installed and configured it via the web interface. Title: Re: Authentication on transparent proxy?? Post by: inteq on Friday 29 May 2009, 10:42:12 am Stupid question, but the PCs behind the proxy are on the same subnet as the green interface?
Title: Re: Authentication on transparent proxy?? Post by: zelemo on Friday 29 May 2009, 03:52:31 pm No, it's a fair question and yes they are. If I switch from "transparent" to "disabled" it all springs into life. That's how it's set up at the moment, and how I'm replying to you now.
It did actually work for a of days...I'm going to try switching back to the original blacklist. Can't see why that should make ANY difference.... Title: Re: Authentication on transparent proxy?? RESOLVED! Post by: zelemo on Saturday 30 May 2009, 07:22:36 am OK - it's fixed.
It WAS to do with the new blacklist from URLBlacklist. I'd installed the new blacklist, but it was still sorted. And it seems that dansguardian is extremely bad at dealing with sorted lists - it puts the firewall CPU up to 100% and stays there for a LONG time. I never actually had enough patience to confirm whether it finished or not. BUT....while it was in that state, it wouldn't deal with requests through the proxy. (I only have a little 386 machine with a mere 256K of RAM, so it was probably struggling...). So I took the advice of the URLBlacklist site and rl'd all the files. Blacklist now works, dansguardian runs in seconds when it starts and everything is hunky dory. Hope this helps someone else who runs into this problem. Title: Re: Authentication on transparent proxy?? RESOLVED! Post by: inteq on Saturday 30 May 2009, 08:31:14 am Now that is one machine spec I haven't seen in ages :)
You must be very patient.... Title: Re: Authentication on transparent proxy?? RESOLVED! Post by: zelemo on Saturday 30 May 2009, 08:30:00 pm Actually, that's a typo. Even I don't have any 386 machines lying around any more. It's a Pentium III.
It was sitting in the corner doing nothing, so I thought I'd try installing Endian on it. For just two or three users, it works fine (so long as you don't use the phrase-matching content filter!); I've got a 10M cable connection and I get 9.5M through the firewall....so that's great. Having said all that, I have actually ordered a Pentium 4 with a gig of RAM from good ol' eBay, which should ensure I don't even get close to running out of ooomph. |