LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 04-28-2011, 04:59 AM   #1
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Rep: Reputation: 31
How to bypass squid for accessing website.


Hi,
I am using squid 2.6 (as a proxy server) in my cent os 5 box.The clients computers are factehing the web pages successfully. The firewall (IPTABLES) are already disabled.

The problem is we have an internal web based application by which the users add the data in it. when the user type the ip address in the browser i.e http://10.1.7.21:81/mis squid shows
Code:
ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: http://10.1.7.21:81/mis/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.
We have another proxy server MS ISA 2006 and by changing proxy from Linux squid to MS ISA we can access the page.

This means that squid does not understand the address as given in the error message.

Kindly help me
thanks
garden

Last edited by gardenair; 04-28-2011 at 07:46 AM. Reason: To meaningful the question
 
Old 04-28-2011, 05:13 PM   #2
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Quote:
Originally Posted by gardenair View Post
Code:
ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: http://10.1.7.21:81/mis/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.
This means that squid does not understand the address as given in the error message.
Squid understands the address it just denies the access. Maybe this can help you out.

http://www.howtoforge.com/linux_secure_browsing_squid
 
Old 04-29-2011, 02:14 AM   #3
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
thanks for the reply. Well if we add the IP address in exception then ...? But the thing is how to add the IP address in the exception. MY Linux Firewall is disable. If I enable IPTABLES internet will stop.
I am not expert in IP TABLES hope this forum will guide me how to add rules .
thanks

Last edited by gardenair; 04-29-2011 at 02:16 AM.
 
Old 04-29-2011, 02:16 AM   #4
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
See what does what. Iptables is another thing, first get squid setup right cause it's squid making the trouble. Did you check out the link I gave you? As I'm not familary with squid i'm of no help there just wanted to get you on the right track.
 
Old 04-29-2011, 07:19 AM   #5
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
thanks again for the reply. Well I have visited the site and it is not such kind of issue. The squid is working perfact. It is really a for me.
zhjim as you mentionded in your post "Squid understands the address it just denies the access" why squid is denying to access the page though the IPTABLES is off

garden

Last edited by gardenair; 04-29-2011 at 07:24 AM.
 
Old 04-29-2011, 08:58 AM   #6
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Quote:
Originally Posted by gardenair View Post
thanks again for the reply. Well I have visited the site and it is not such kind of issue. The squid is working perfact. It is really a for me.
I just took the link of a page that described a similar problem but did not read it.

Quote:
Originally Posted by gardenair View Post
zhjim as you mentionded in your post "Squid understands the address it just denies the access" why squid is denying to access the page though the IPTABLES is off
Just take the problem apart. Iptables is not your problem here. It's the configuration of squid itself. You have to allow or deny certain pages inside the squid.conf file. (If you have it handy please post it).
I just took a quick look at the acl (access list) of the squid manual. Maybe something like this will work
Code:
acl allow dst 10.1.7.21:81
Dunno if this is the right syntax.

But another thing came to my attention. The address that is denied is on port 81. And you possible do not allow this port to be accessed through squid.
I never used squid so I might miss something more. But what I can tell you is that the configuration of squid itself denies the access to the site.

To be more helpful please post your squid.conf file
 
Old 05-02-2011, 12:48 AM   #7
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
Again zhjim thanks for the reply. Well the squid.conf file is attached here with the post in text formate.

regards,
garden
Attached Files
File Type: txt squid.conf.txt (109.8 KB, 28 views)
 
Old 05-09-2011, 05:23 AM   #8
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Hi gardenair,

took me some time, but now got my head around it.
As I thought you did not configure port 81 to be allowed by squid. It's near to the bottom of the config file add this to your config and restart squid

Code:
acl Safe_ports port 81		# http2
safe_ports are those that squid allow to be accessed through it. Try and tell me whats the outcome
 
1 members found this post helpful.
Old 05-09-2011, 07:22 AM   #9
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
thanks for the reply. Well can You identify under which directive should I add ? i am fail to search its proper location
acl Safe_ports port 81 # http2

While squid is running how can I make the changes? Is there any command that in run time i can make changes or I stop my squid and then do changes in it?

garden
 
Old 05-10-2011, 02:18 AM   #10
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Quote:
Originally Posted by gardenair View Post
thanks for the reply. Well can You identify under which directive should I add ? i am fail to search its proper location
acl Safe_ports port 81 # http2
Just Scroll all the way down in your squid.conf and then hit Page-Up three times. Then you should see similar lines. Just put it after the line with port 80.
Quote:
Originally Posted by gardenair View Post
While squid is running how can I make the changes? Is there any command that in run time i can make changes or I stop my squid and then do changes in it?
Normaly Linux services don't change their config during runtime so you can just edit the config file and then restart the service via the files in /etc/init.d

To sum it up
1. Add the line to your squid.conf
2. restart service via /etc/init.d/squid restart

dunno if /etc/init.d/squid is the right file but with a ls of the /etc/init.d directory you should fairly easy see the right file.
 
Old 05-10-2011, 02:53 AM   #11
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Also keep in mind that allowing access to port 81 for everything might not be your intent at all. I mean, it sounds like you really only need to allow it for that specific IP, in which case you can be specific, if you wish. For example:
Code:
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
http_access allow webapp_port webapp_ip
To reload the configuration you can do a:
Code:
squid -k reconfigure
 
Old 05-10-2011, 05:03 AM   #12
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
thanks "win32sux" and "zhjim" for your guidance.I have done the things as you mentioned in the post but still no success

Yes this is a specific web based application in which we want to access it.In the the client side they are using private IP address like 10.1.50.1

garden
 
Old 05-10-2011, 05:36 AM   #13
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,467
Blog Entries: 11

Rep: Reputation: 184Reputation: 184
Whats the error message? Still access denied? Did you restart squid?

@win32sux is the http_access line correct? Your first put the port and then the ip. But I also dunno how squid handles those lines.
 
Old 05-10-2011, 06:06 AM   #14
gardenair
Member
 
Registered: Oct 2004
Location: LH
Posts: 578

Original Poster
Rep: Reputation: 31
the error message is same as i post in my 1st post. I take all steps correct. Squid is working fine but with http://10.1.7.21:81/mis it show error message.Please see my 1st post.

thanks
garden
 
Old 05-10-2011, 06:59 AM   #15
shqnayaz
LQ Newbie
 
Registered: Sep 2009
Location: Bangalore
Distribution: RedHat Fedora Centos
Posts: 9

Rep: Reputation: 1
Hi there!,

So well, by default squid cannot allow access for the given port, it can handle requests on 80, 443, 21.. etc http://10.1.7.21:81, Since you are running application to custom port 81.
add entry in squid.conf acl's were it says acl Safe_ports 80 # http or make a simillar copy of acl entry for Safe_ports for port 81 and you no need to give http access for this acl once again. Since already there will be an entry to allow Safe_ports access in squid.conf by default.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Trying to make local web page accessible from internet (IP question) SkyerSK Linux - Newbie 8 12-27-2010 01:43 PM
Could not retrieve local web page, Squid vincent.dang Linux - Newbie 2 07-27-2010 07:01 PM
Configuration of web based application in linux mobassir Linux - Networking 4 04-23-2009 03:25 AM
web based Forms application lothario Linux - Software 3 01-27-2008 01:19 AM
Web Based Jukebox with local playback only shanghai1979 Linux - Software 4 09-13-2007 02:26 AM


All times are GMT -5. The time now is 07:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration