Posted by: Ian | November 5, 2009

Squid access.log TCP_DENIED explainations

Just yesterday I had to diagnose some squid errors as some users couldn’t get to certain websites. Upon checking through the access.log there were a few TCP_Misses. I found some useful explanations for common Squid log messages:

If it’s TCP_DENIED/407 then your proxy is set up to use some form of authentication and the authentication is failing. Either an automated update tool doesn’t have the credentials to use or a user has forgotten their username/password. This is usually solved when the user tells you they can’t access the internet, or their auto-update is failing.

If it’s TCP_DENIED/400 then the syntax of the request was wrong. With this you might also see something like "error:invalid-request" or "error:unsupported-request-method". The user (or a link on a web page) did something wrong – look at the entries after these and see if there is a successful request.

If it’s TCP_DENIED/401 then the page requires authorisation. There’s probably an entry after these where they authenticated themselves. If there isn’t they probably don’t have a username/password for the site – it’s not really your problem (unless it’s your site).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: