LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-10-2008, 09:50 PM   #1
ifeatu
Member
 
Registered: Sep 2008
Distribution: Fedora 9
Posts: 68

Rep: Reputation: 15
Squid blocking all traffic access


I know Squid by default blocks all traffic access but I'm not sure what settings to edit if someone could take a look at the settings I have attempted to make changes on and let me know if I'm on the right track ...here is a snippet from squid.conf


One question though…squid still refuses all of my traffic for some reason here is my current http_access config…any suggestions?

Code:
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
#http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# http_access deny CONNECT !SSL_ports
 
Old 11-10-2008, 09:58 PM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Check what it's listening on with

netstat -nalp | grep :3128

or similar
 
Old 11-10-2008, 10:04 PM   #3
ifeatu
Member
 
Registered: Sep 2008
Distribution: Fedora 9
Posts: 68

Original Poster
Rep: Reputation: 15
Listening

yeah its definately listening...

Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$
here is the error I get when I redirect all firefox traffic thru the proxy...
Code:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://192.168.1.1/Forward.htm

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. 

Your cache administrator is webmaster.
Generated Tue, 11 Nov 2008 03:56:53 GMT by ubuntu.localdomain (squid/2.6.STABLE18)
 
Old 11-10-2008, 10:26 PM   #4
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Try something like

Code:
acl our_networks src 192.168.1.0/24
http_access allow our_networks
http_access deny to_localhost
before the final deny all
 
Old 11-11-2008, 05:51 AM   #5
ifeatu
Member
 
Registered: Sep 2008
Distribution: Fedora 9
Posts: 68

Original Poster
Rep: Reputation: 15
Listening

yeah its definately listening...

Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$
here is the error I get when I redirect all firefox traffic thru the proxy...
Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$
 
Old 11-11-2008, 02:01 PM   #6
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Would you like to correct the previous post an include the errors?
 
Old 11-11-2008, 02:56 PM   #7
ifeatu
Member
 
Registered: Sep 2008
Distribution: Fedora 9
Posts: 68

Original Poster
Rep: Reputation: 15
I did

Yes I did correct the previous post, but instead of the system correcting the post it created an alternate post for which I was reprimanded by the web admin for this site...you should advise them to take the "edit" feature from newly submitted posts as it doesnt work properly.
 
Old 11-11-2008, 03:03 PM   #8
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
It does usually, unless you are over enthusiastic about hitting buttons (and we all do that sometimes).

What errors are you getting since you added the ACL? Post #5 doesn't show the errors
 
Old 11-11-2008, 03:27 PM   #9
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Have you read through http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid ?
 
  


Reply

Tags
configuration, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SQUID for blocking yahoo and msn [inc squid.conf] chrisfirestar Linux - Security 10 03-03-2008 08:33 AM
Blocking all traffic from a particular IP rookiepaul Linux - Security 7 03-25-2006 03:14 AM
iptables blocking traffic JJX Linux - Networking 4 11-07-2005 05:36 AM
controlling access through squid( blocking all sites except for one) jomy Linux - Networking 1 12-15-2004 06:27 AM
Blocking traffic fugzi Linux - Networking 2 12-04-2004 03:31 PM


All times are GMT -5. The time now is 11:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration