403 error when using a non-cached repository

Bug #545830 reported by Lionel Dricot on 2010-03-24
This bug affects 39 people
Affects Status Importance Assigned to Milestone
squid-deb-proxy (Ubuntu)

Bug Description

Binary package hint: squid-deb-proxy

If you use squid-deb-proxy and have, in your sources.list, a repository not cached by that squid-deb-proxy, you will receive a 403 error :

"not only rely on the proxy, but use raw HTTP(s) if the proxy gives a 403." (Daniel Holbach )

Related branches

Jorge Castro (jorge) on 2010-03-26
Changed in squid-deb-proxy (Ubuntu):
status: New → Confirmed
assignee: nobody → Michael Vogt (mvo)
Id2ndR (id2ndr) wrote :

I changed the configuration file /etc/squid-deb-proxy/squid-deb-proxy.conf like this:

# and only to ubuntu
-http_access deny !to_ubuntu_mirrors
+#http_access deny !to_ubuntu_mirrors
+cache deny !to_ubuntu_mirrors
+http_access allow !to_ubuntu_mirrors

It seems to be the expected behavior.

Changed in squid-deb-proxy (Ubuntu):
importance: Undecided → Low

What is the status of this now? If this bug still exists, this makes it hard to use on LANs with several users, as a few are likely to have repositories not cached by the proxy. The beauty of squid-deb-proxy seems to be that it needs no client-side configuration - if the administrator sends mails to people on the LAN (who might be non-technical users) saying "if you have blah blah blah, please edit such and such configuration file", it really spoils things. Some things like Dropbox and the Google Talk plugin automatically add repositories, and a non-technical user may not even know what a repository is! squid-deb-proxy should _just work_ for the clients.

Dmitry Andreychuk (and-dmitry) wrote :

As for 0.5.2 (from oneiric) this problem still persists.
Also the comments in squid-deb-proxy.conf are seem to be wrong:

# allow access only to official ubuntu mirrors
# uncomment the third and fouth line to permit any unlisted domain
http_access deny !to_ubuntu_mirrors
#http_access allow !to_ubuntu_mirrors

The third line is uncommented in the default config. If I uncomment the fourth line too, it won't change anything, because squid will deny access to unofficial repository at the third line and will never get to the fourth.
The comments for caching look incorrect too for the same reason:

# don't cache domains not listed in the mirrors file
# uncomment the third and fourth line to cache any unlisted domains
cache deny !to_ubuntu_mirrors
#cache allow !to_ubuntu_mirrors

To allow access to unofficial repositories you should comment the third line and there is no need to uncomment the fourth because both official and unofficial repositories will be allowed by this line:
http_access allow allowed_networks
But according to comment https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/804267/comments/1 this will make your proxy allow access to any site (not just repository) . I configured my browser to use it and it worked.

I'm new to squid so please correct me if I'm wrong.

@Prateek, there is still no client-side configuration required, squid-deb-proxy.conf is a server config.

Changed in squid-deb-proxy (Ubuntu):
assignee: Michael Vogt (mvo) → Dmitrijs Ledkovs (xnox)
Changed in squid-deb-proxy (Ubuntu):
assignee: Dmitrijs Ledkovs (xnox) → nobody
Brandon Bradley (blbradley) wrote :


I can confirm that the comments in squid-deb-proxy.conf are wrong. Here's exactly what I did to allow other hosts so others can see:

# allow access only to official archive mirrors
# uncomment the third and fouth line to permit any unlisted domain
#http_access deny !to_archive_mirrors
http_access allow !to_archive_mirrors

# don't cache domains not listed in the mirrors file
# uncomment the third and fourth line to cache any unlisted domains
#cache deny !to_archive_mirrors
cache allow !to_archive_mirrors

--- end

Thanks for mentioning the comments were wrong.


Brandon Bradley (blbradley) wrote :

Note: That was on Debian, so adjust 'to_archive_mirrors' accordingly.

Brandon Bradley (blbradley) wrote :

Sorry, that just bypasses the cache complete. Still a bug I suppose.

Christopher Armstrong (radix) wrote :

it would be really nice if squid-deb-proxy would read the apt sources configured on the host and allow connections to any of them (by default or as a special configuration option).

Andreas Hasenack (ahasenack) wrote :

This is fix released, I just checked.

Changed in squid-deb-proxy (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers