How to bypass squid for accessing website.

gardenair · 04-28-2011, 03:59 AM

Hi,
I am using squid 2.6 (as a proxy server) in my cent os 5 box.The clients computers are factehing the web pages successfully. The firewall (IPTABLES) are already disabled.

The problem is we have an internal web based application by which the users add the data in it. when the user type the ip address in the browser i.e http://10.1.7.21:81/mis squid shows

Code:

ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: http://10.1.7.21:81/mis/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

We have another proxy server MS ISA 2006 and by changing proxy from Linux squid to MS ISA we can access the page.

This means that squid does not understand the address as given in the error message.

Kindly help me
thanks
garden

zhjim · 04-28-2011, 04:13 PM

Quote:

Originally Posted by gardenair

Code:

ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: http://10.1.7.21:81/mis/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

This means that squid does not understand the address as given in the error message.

Squid understands the address it just denies the access. Maybe this can help you out.

http://www.howtoforge.com/linux_secure_browsing_squid

gardenair · 04-29-2011, 01:14 AM

thanks for the reply. Well if we add the IP address in exception then ...? But the thing is how to add the IP address in the exception. MY Linux Firewall is disable. If I enable IPTABLES internet will stop.
I am not expert in IP TABLES hope this forum will guide me how to add rules .
thanks

zhjim · 04-29-2011, 01:16 AM

See what does what. Iptables is another thing, first get squid setup right cause it's squid making the trouble. Did you check out the link I gave you? As I'm not familary with squid i'm of no help there just wanted to get you on the right track.

gardenair · 04-29-2011, 06:19 AM

thanks again for the reply. Well I have visited the site and it is not such kind of issue. The squid is working perfact. It is really a

for me.
zhjim as you mentionded in your post "Squid understands the address it just denies the access" why squid is denying to access the page though the IPTABLES is off

garden

zhjim · 04-29-2011, 07:58 AM

Quote:

Originally Posted by gardenair

thanks again for the reply. Well I have visited the site and it is not such kind of issue. The squid is working perfact. It is really a

for me.

I just took the link of a page that described a similar problem but did not read it.

Quote:

Originally Posted by gardenair

zhjim as you mentionded in your post "Squid understands the address it just denies the access" why squid is denying to access the page though the IPTABLES is off

Just take the problem apart. Iptables is not your problem here. It's the configuration of squid itself. You have to allow or deny certain pages inside the squid.conf file. (If you have it handy please post it).
I just took a quick look at the acl (access list) of the squid manual. Maybe something like this will work

Code:

acl allow dst 10.1.7.21:81

Dunno if this is the right syntax.

But another thing came to my attention. The address that is denied is on port 81. And you possible do not allow this port to be accessed through squid.
I never used squid so I might miss something more. But what I can tell you is that the configuration of squid itself denies the access to the site.

To be more helpful please post your squid.conf file

gardenair · 05-01-2011, 11:48 PM

Again zhjim thanks for the reply. Well the squid.conf file is attached here with the post in text formate.

regards,
garden

zhjim · 05-09-2011, 04:23 AM

Hi gardenair,

took me some time, but now got my head around it.
As I thought you did not configure port 81 to be allowed by squid. It's near to the bottom of the config file add this to your config and restart squid

Code:

acl Safe_ports port 81		# http2

safe_ports are those that squid allow to be accessed through it. Try and tell me whats the outcome

gardenair · 05-09-2011, 06:22 AM

thanks for the reply. Well can You identify under which directive should I add ? i am fail to search its proper location

acl Safe_ports port 81 # http2

While squid is running how can I make the changes? Is there any command that in run time i can make changes or I stop my squid and then do changes in it?

garden

zhjim · 05-10-2011, 01:18 AM

Quote:

Originally Posted by gardenair

thanks for the reply. Well can You identify under which directive should I add ? i am fail to search its proper location

acl Safe_ports port 81 # http2

Just Scroll all the way down in your squid.conf and then hit Page-Up three times. Then you should see similar lines. Just put it after the line with port 80.

Quote:

Originally Posted by gardenair

While squid is running how can I make the changes? Is there any command that in run time i can make changes or I stop my squid and then do changes in it?

Normaly Linux services don't change their config during runtime so you can just edit the config file and then restart the service via the files in /etc/init.d

To sum it up
1. Add the line to your squid.conf
2. restart service via /etc/init.d/squid restart

dunno if /etc/init.d/squid is the right file but with a ls of the /etc/init.d directory you should fairly easy see the right file.

win32sux · 05-10-2011, 01:53 AM

Also keep in mind that allowing access to port 81 for everything might not be your intent at all. I mean, it sounds like you really only need to allow it for that specific IP, in which case you can be specific, if you wish. For example:

Code:

acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
http_access allow webapp_port webapp_ip

To reload the configuration you can do a:

Code:

squid -k reconfigure

gardenair · 05-10-2011, 04:03 AM

thanks "win32sux" and "zhjim" for your guidance.I have done the things as you mentioned in the post but still no success

Yes this is a specific web based application in which we want to access it.In the the client side they are using private IP address like 10.1.50.1

garden

zhjim · 05-10-2011, 04:36 AM

Whats the error message? Still access denied? Did you restart squid?

@win32sux is the http_access line correct? Your first put the port and then the ip. But I also dunno how squid handles those lines.

gardenair · 05-10-2011, 05:06 AM

the error message is same as i post in my 1st post. I take all steps correct. Squid is working fine but with http://10.1.7.21:81/mis it show error message.Please see my 1st post.

thanks
garden

shqnayaz · 05-10-2011, 05:59 AM

Hi there!,

So well, by default squid cannot allow access for the given port, it can handle requests on 80, 443, 21.. etc http://10.1.7.21:81, Since you are running application to custom port 81.
add entry in squid.conf acl's were it says acl Safe_ports 80 # http or make a simillar copy of acl entry for Safe_ports for port 81 and you no need to give http access for this acl once again. Since already there will be an entry to allow Safe_ports access in squid.conf by default.