Ubuntu

403 error when using a non-cached repository

Reported by Lionel Dricot on 2010-03-24
142
This bug affects 28 people
Affects Status Importance Assigned to Milestone
squid-deb-proxy (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: squid-deb-proxy

If you use squid-deb-proxy and have, in your sources.list, a repository not cached by that squid-deb-proxy, you will receive a 403 error :

"not only rely on the proxy, but use raw HTTP(s) if the proxy gives a 403." (Daniel Holbach )

Jorge O. Castro (jorge) on 2010-03-26
Changed in squid-deb-proxy (Ubuntu):
status: New → Confirmed
assignee: nobody → Michael Vogt (mvo)
Id2ndR (id2ndr) wrote :

I changed the configuration file /etc/squid-deb-proxy/squid-deb-proxy.conf like this:

# and only to ubuntu
-http_access deny !to_ubuntu_mirrors
+#http_access deny !to_ubuntu_mirrors
+cache deny !to_ubuntu_mirrors
+http_access allow !to_ubuntu_mirrors

It seems to be the expected behavior.

Changed in squid-deb-proxy (Ubuntu):
importance: Undecided → Low

What is the status of this now? If this bug still exists, this makes it hard to use on LANs with several users, as a few are likely to have repositories not cached by the proxy. The beauty of squid-deb-proxy seems to be that it needs no client-side configuration - if the administrator sends mails to people on the LAN (who might be non-technical users) saying "if you have blah blah blah, please edit such and such configuration file", it really spoils things. Some things like Dropbox and the Google Talk plugin automatically add repositories, and a non-technical user may not even know what a repository is! squid-deb-proxy should _just work_ for the clients.

Dmitry Andreychuk (and-dmitry) wrote :

As for 0.5.2 (from oneiric) this problem still persists.
Also the comments in squid-deb-proxy.conf are seem to be wrong:

# allow access only to official ubuntu mirrors
# uncomment the third and fouth line to permit any unlisted domain
http_access deny !to_ubuntu_mirrors
#http_access allow !to_ubuntu_mirrors

The third line is uncommented in the default config. If I uncomment the fourth line too, it won't change anything, because squid will deny access to unofficial repository at the third line and will never get to the fourth.
The comments for caching look incorrect too for the same reason:

# don't cache domains not listed in the mirrors file
# uncomment the third and fourth line to cache any unlisted domains
cache deny !to_ubuntu_mirrors
#cache allow !to_ubuntu_mirrors

To allow access to unofficial repositories you should comment the third line and there is no need to uncomment the fourth because both official and unofficial repositories will be allowed by this line:
http_access allow allowed_networks
But according to comment https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/804267/comments/1 this will make your proxy allow access to any site (not just repository) . I configured my browser to use it and it worked.

I'm new to squid so please correct me if I'm wrong.

@Prateek, there is still no client-side configuration required, squid-deb-proxy.conf is a server config.

Changed in squid-deb-proxy (Ubuntu):
assignee: Michael Vogt (mvo) → Dmitrijs Ledkovs (xnox)
Changed in squid-deb-proxy (Ubuntu):
assignee: Dmitrijs Ledkovs (xnox) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers