LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-27-2008, 08:25 PM   #1
laroseengineer
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Rep: Reputation: 0
Squid Access Denied


I have a server running a squid proxy serverand iptables setup through webmin. My client computers get an access denied error with a refernence to acl problems. I have setup the debug level and checked the cahce.log files but I can't see which acl is causing the problem. Here is my squid.conf file.

http_port 192.168.1.111:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
debug_options ALL,1, 32,2
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
acl lan src 192.168.1.0/24
http_access allow lan
http_access deny !Safe_ports
http_access allow CONNECT SSL_PORTS
http_access deny purge
http_access allow purge localhost
http_access deny manager
http_access allow all manager localhost
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user administrator
cache_effective_group administrator
visible_hostname geekserver1.engineeringgeek.com
coredump_dir /var/spool/squid

Any help is appreciated. I am sure it is something simple that I am overlooking.
 
Old 02-27-2008, 08:33 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
Have you looked in Squid's access log (it's separate to the cache.log)? It should show you which URLs are being blocked and which clients are requesting them. Based on your conf file, it looks like anyone with a 192.168.1. address should be able to access http:// URLs...
 
Old 02-28-2008, 05:51 AM   #3
laroseengineer
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Yes, I have looked in the access.log. I can ping a website just fine but I get the squid access denied page. I can see which client is getting the error which is a 403. Maybe the firewall is the culprit?
 
Old 02-28-2008, 06:17 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
I don't think it's a firewall issue. The 403 response means that the web server received the request but refused to fulfill it. I'd start squid in debug mode, try it again and then check the logs to see which ACL is blocking access.
 
Old 02-28-2008, 06:53 PM   #5
laroseengineer
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Original Poster
Rep: Reputation: 0
I did run it in debug mode but the errors in the logs don't point to any specific acl. Maybe I am not doing it correctly. I have used:

squid -NCd10 (cli)
squid -z (cli)
debug_options ALL,1, 32,2 (in the config file)

Do you have any other suggestions or alternative debug modes? For some reason the cache.log and access.log files don't help or I just don't know how to read them correctly.
 
Old 02-28-2008, 08:34 PM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
You should be able to change debug_options to ALL,9 or to start squid with:
Code:
squid -k debug
The debug_options setting isn't very well documented - or if it is, I couldn't find the info on it.
 
Old 02-28-2008, 09:00 PM   #7
laroseengineer
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Now that is better for debugging. Here is a tail | grep acl

The box I am trying to get on to the internet is 192.168.1.105. Any ideas? It looks like the aclMatchIp is found then it is NOT found. Also, check out the bottom post with regex.

2008/02/28 20:57:28| aclCheckFast: list: 0x82aa720
2008/02/28 20:57:28| aclMatchAclList: checking all
2008/02/28 20:57:28| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:28| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:28| aclMatchAclList: no match, returning 0
2008/02/28 20:57:28| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:28| aclCheck: checking 'http_access deny all'
2008/02/28 20:57:28| aclMatchAclList: checking all
2008/02/28 20:57:28| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:28| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:28| aclMatchAclList: no match, returning 0
2008/02/28 20:57:28| aclCheck: checking 'http_access allow geek_net'
2008/02/28 20:57:28| aclMatchAclList: checking geek_net
2008/02/28 20:57:28| aclMatchAcl: checking 'acl geek_net src 192.168.1.0/24'
2008/02/28 20:57:28| aclMatchIp: '192.168.1.105' found
2008/02/28 20:57:28| aclMatchAclList: returning 1
2008/02/28 20:57:28| aclCheck: match found, returning 1
2008/02/28 20:57:28| aclCheckCallback: answer=1
2008/02/28 20:57:28| aclCheck: checking 'cache deny QUERY'
2008/02/28 20:57:28| aclMatchAclList: checking QUERY
2008/02/28 20:57:28| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/02/28 20:57:28| aclMatchRegex: checking '/search?'
2008/02/28 20:57:28| aclMatchRegex: looking for 'cgi-bin'
2008/02/28 20:57:28| aclMatchRegex: looking for '\?'
2008/02/28 20:57:28| aclMatchRegex: match '\?' found in '/search?'
2008/02/28 20:57:28| aclMatchAclList: returning 1
2008/02/28 20:57:28| aclCheck: match found, returning 0
2008/02/28 20:57:28| aclCheckCallback: answer=0
2008/02/28 20:57:28| aclCheckFast: list: (nil)
2008/02/28 20:57:28| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:28| aclCheckFast: list: 0x82aa838
2008/02/28 20:57:28| aclMatchAclList: checking all
2008/02/28 20:57:28| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:28| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:28| aclMatchAclList: no match, returning 0
2008/02/28 20:57:28| aclCheckFast: no matches, returning: 0
2008/02/28 20:57:28| aclCheck: checking 'http_reply_access allow all'
2008/02/28 20:57:28| aclMatchAclList: checking all
2008/02/28 20:57:28| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:28| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:28| aclMatchAclList: no match, returning 0
2008/02/28 20:57:28| aclCheck: NO match found, returning 0
2008/02/28 20:57:28| aclCheckCallback: answer=0
2008/02/28 20:57:33| aclCheckFast: list: 0x82aa720
2008/02/28 20:57:33| aclMatchAclList: checking all
2008/02/28 20:57:33| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:33| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:33| aclMatchAclList: no match, returning 0
2008/02/28 20:57:33| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:33| aclCheck: checking 'http_access deny all'
2008/02/28 20:57:33| aclMatchAclList: checking all
2008/02/28 20:57:33| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:33| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:33| aclMatchAclList: no match, returning 0
2008/02/28 20:57:33| aclCheck: checking 'http_access allow geek_net'
2008/02/28 20:57:33| aclMatchAclList: checking geek_net
2008/02/28 20:57:33| aclMatchAcl: checking 'acl geek_net src 192.168.1.0/24'
2008/02/28 20:57:33| aclMatchIp: '192.168.1.105' found
2008/02/28 20:57:33| aclMatchAclList: returning 1
2008/02/28 20:57:33| aclCheck: match found, returning 1
2008/02/28 20:57:33| aclCheckCallback: answer=1
2008/02/28 20:57:33| aclCheck: checking 'cache deny QUERY'
2008/02/28 20:57:33| aclMatchAclList: checking QUERY
2008/02/28 20:57:33| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/02/28 20:57:33| aclMatchRegex: checking '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 20:57:33| aclMatchRegex: looking for 'cgi-bin'
2008/02/28 20:57:33| aclMatchRegex: looking for '\?'
2008/02/28 20:57:33| aclMatchRegex: match '\?' found in '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 20:57:33| aclMatchAclList: returning 1
2008/02/28 20:57:33| aclCheck: match found, returning 0
2008/02/28 20:57:33| aclCheckCallback: answer=0
2008/02/28 20:57:33| aclCheckFast: list: (nil)
2008/02/28 20:57:33| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:33| aclCheckFast: list: 0x82aa838
2008/02/28 20:57:33| aclMatchAclList: checking all
2008/02/28 20:57:33| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:33| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:33| aclMatchAclList: no match, returning 0
2008/02/28 20:57:33| aclCheckFast: no matches, returning: 0
2008/02/28 20:57:33| aclCheck: checking 'http_reply_access allow all'
2008/02/28 20:57:33| aclMatchAclList: checking all
2008/02/28 20:57:33| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:33| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:33| aclMatchAclList: no match, returning 0
2008/02/28 20:57:33| aclCheck: NO match found, returning 0
2008/02/28 20:57:33| aclCheckCallback: answer=0
2008/02/28 20:57:39| aclCheckFast: list: 0x82aa720
2008/02/28 20:57:39| aclMatchAclList: checking all
2008/02/28 20:57:39| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:39| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:39| aclMatchAclList: no match, returning 0
2008/02/28 20:57:39| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:40| aclCheck: checking 'http_access deny all'
2008/02/28 20:57:40| aclMatchAclList: checking all
2008/02/28 20:57:40| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:40| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:40| aclMatchAclList: no match, returning 0
2008/02/28 20:57:40| aclCheck: checking 'http_access allow geek_net'
2008/02/28 20:57:40| aclMatchAclList: checking geek_net
2008/02/28 20:57:40| aclMatchAcl: checking 'acl geek_net src 192.168.1.0/24'
2008/02/28 20:57:40| aclMatchIp: '192.168.1.105' found
2008/02/28 20:57:40| aclMatchAclList: returning 1
2008/02/28 20:57:40| aclCheck: match found, returning 1
2008/02/28 20:57:40| aclCheckCallback: answer=1
2008/02/28 20:57:40| aclCheck: checking 'cache deny QUERY'
2008/02/28 20:57:40| aclMatchAclList: checking QUERY
2008/02/28 20:57:40| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/02/28 20:57:40| aclMatchRegex: checking '/'
2008/02/28 20:57:40| aclMatchRegex: looking for 'cgi-bin'
2008/02/28 20:57:40| aclMatchRegex: looking for '\?'
2008/02/28 20:57:40| aclMatchAclList: no match, returning 0
2008/02/28 20:57:40| aclCheck: NO match found, returning 1
2008/02/28 20:57:40| aclCheckCallback: answer=1
2008/02/28 20:57:40| aclCheckFast: list: (nil)
2008/02/28 20:57:40| aclCheckFast: no matches, returning: 1
2008/02/28 20:57:40| aclCheckFast: list: 0x82aa838
2008/02/28 20:57:40| aclMatchAclList: checking all
2008/02/28 20:57:40| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:40| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:40| aclMatchAclList: no match, returning 0
2008/02/28 20:57:40| aclCheckFast: no matches, returning: 0
2008/02/28 20:57:40| aclCheck: checking 'http_reply_access allow all'
2008/02/28 20:57:40| aclMatchAclList: checking all
2008/02/28 20:57:40| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 20:57:40| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 20:57:40| aclMatchAclList: no match, returning 0
2008/02/28 20:57:40| aclCheck: NO match found, returning 0
2008/02/28 20:57:40| aclCheckCallback: answer=0

##

2008/02/28 21:22:58| aclMatchIp: '192.168.1.105' found
2008/02/28 21:22:58| aclMatchAclList: returning 1
2008/02/28 21:22:58| aclCheck: match found, returning 1
2008/02/28 21:22:58| aclCheckCallback: answer=1
2008/02/28 21:22:58| aclCheck: checking 'cache deny QUERY'
2008/02/28 21:22:58| aclMatchAclList: checking QUERY
2008/02/28 21:22:58| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/02/28 21:22:58| aclMatchRegex: checking '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 21:22:58| aclMatchRegex: looking for 'cgi-bin'
2008/02/28 21:22:58| aclMatchRegex: looking for '\?'
2008/02/28 21:22:58| aclMatchRegex: match '\?' found in '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 21:22:58| aclMatchAclList: returning 1
2008/02/28 21:22:58| aclCheck: match found, returning 0
2008/02/28 21:22:58| aclCheckCallback: answer=0
2008/02/28 21:22:58| aclCheckFast: list: (nil)
2008/02/28 21:22:58| aclCheckFast: no matches, returning: 1
2008/02/28 21:22:58| aclCheckFast: list: 0x82aa838
2008/02/28 21:22:58| aclMatchAclList: checking all
2008/02/28 21:22:58| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:22:58| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:22:58| aclMatchAclList: no match, returning 0
2008/02/28 21:22:58| aclCheckFast: no matches, returning: 0
2008/02/28 21:22:58| aclCheck: checking 'http_reply_access allow all'
2008/02/28 21:22:58| aclMatchAclList: checking all
2008/02/28 21:22:58| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:22:58| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:22:58| aclMatchAclList: no match, returning 0
2008/02/28 21:22:58| aclCheck: NO match found, returning 0
2008/02/28 21:22:58| aclCheckCallback: answer=0
2008/02/28 21:23:03| aclCheckFast: list: 0x82aa720
2008/02/28 21:23:03| aclMatchAclList: checking all
2008/02/28 21:23:03| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:23:03| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:23:03| aclMatchAclList: no match, returning 0
2008/02/28 21:23:03| aclCheckFast: no matches, returning: 1
2008/02/28 21:23:04| aclCheck: checking 'http_access deny all'
2008/02/28 21:23:04| aclMatchAclList: checking all
2008/02/28 21:23:04| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:23:04| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:23:04| aclMatchAclList: no match, returning 0
2008/02/28 21:23:04| aclCheck: checking 'http_access allow geek_net'
2008/02/28 21:23:04| aclMatchAclList: checking geek_net
2008/02/28 21:23:04| aclMatchAcl: checking 'acl geek_net src 192.168.1.0/24'
2008/02/28 21:23:04| aclMatchIp: '192.168.1.105' found
2008/02/28 21:23:04| aclMatchAclList: returning 1
2008/02/28 21:23:04| aclCheck: match found, returning 1
2008/02/28 21:23:04| aclCheckCallback: answer=1
2008/02/28 21:23:04| aclCheck: checking 'cache deny QUERY'
2008/02/28 21:23:04| aclMatchAclList: checking QUERY
2008/02/28 21:23:04| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/02/28 21:23:04| aclMatchRegex: checking '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 21:23:04| aclMatchRegex: looking for 'cgi-bin'
2008/02/28 21:23:04| aclMatchRegex: looking for '\?'
2008/02/28 21:23:04| aclMatchRegex: match '\?' found in '/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.12&version=goog-white-domain:1:24,goog-white-url:1:371,goog-black-url:1:18803,goog-black-enchash:1:45428'
2008/02/28 21:23:04| aclMatchAclList: returning 1
2008/02/28 21:23:04| aclCheck: match found, returning 0
2008/02/28 21:23:04| aclCheckCallback: answer=0
2008/02/28 21:23:04| aclCheckFast: list: (nil)
2008/02/28 21:23:04| aclCheckFast: no matches, returning: 1
2008/02/28 21:23:04| aclCheckFast: list: 0x82aa838
2008/02/28 21:23:04| aclMatchAclList: checking all
2008/02/28 21:23:04| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:23:04| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:23:04| aclMatchAclList: no match, returning 0
2008/02/28 21:23:04| aclCheckFast: no matches, returning: 0
2008/02/28 21:23:04| aclCheck: checking 'http_reply_access allow all'
2008/02/28 21:23:04| aclMatchAclList: checking all
2008/02/28 21:23:04| aclMatchAcl: checking 'acl all src 0.0.0.0'
2008/02/28 21:23:04| aclMatchIp: '192.168.1.105' NOT found
2008/02/28 21:23:04| aclMatchAclList: no match, returning 0
2008/02/28 21:23:04| aclCheck: NO match found, returning 0
2008/02/28 21:23:04| aclCheckCallback: answer=0

Last edited by laroseengineer; 02-28-2008 at 09:24 PM.
 
Old 02-28-2008, 11:04 PM   #8
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Is there series of defined acl Safe_ports in your squid.conf? You never posted it in your configuration file. By default squid has this defined and it came as ordered below.

Code:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
 
Old 02-29-2008, 04:29 AM   #9
shahz
Member
 
Registered: Sep 2006
Location: Quetta, Pakistan
Distribution: RHEL 4
Posts: 360

Rep: Reputation: 29
I din't see ACL for the lan which you have allowed

http_access allow lan

because when I was configuring I mention my network like

acl lan src 192.168.0.0/24

then allowed

http_access allow lan
 
Old 02-29-2008, 06:13 AM   #10
laroseengineer
LQ Newbie
 
Registered: Jan 2006
Posts: 6

Original Poster
Rep: Reputation: 0
==Update==
Note, this is no longer an issue. I uninstalled 2.5 and installed the latest 3.0 stable. Works like a charm. I think there was a bug or something in 2.5. It only took me 20 minutes or so to setup 3.0. Although I don't like to give up and working through these 'bug'issues only make me smarter, I couldn't see spending more time on it.

Thanks for everyone's assistance. You can check out my setup here.

http://engineeringgeek.com/wiki/index.php/Squid

##
Yes, I do have the acl's for the safe ports. I don't know why they weren't posted.

Here is my squid.conf with the safe ports and http_access allow geek_net and the specific ip 192.168.1.105..

##
http_port 192.168.1.111:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
debug_options ALL,1, 32,2
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny all
acl geek_net src 192.168.1.0/24
acl geekjr src 192.168.1.105
http_access allow geek_net
http_access allow geekjr
http_access deny !Safe_ports
http_access allow CONNECT SSL_PORTS
http_access deny purge
http_access allow purge localhost
http_access deny manager
http_access allow all manager localhost
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_effective_user administrator
cache_effective_group administrator
visible_hostname geekserver1.engineeringgeek.com
coredump_dir /var/spool/squid
##

Last edited by laroseengineer; 03-01-2008 at 07:29 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Access Denied Help eurekaguy4u Linux - Networking 21 04-29-2010 10:30 AM
squid access denied hariiyer Linux - Networking 2 10-30-2004 09:55 AM
Access Denied Using Squid Lucinda Linux - Software 8 06-10-2004 06:30 AM
squid comes back with message 'access denied' mhs1973 Linux - Networking 4 02-08-2002 11:17 PM
Denied access by squid hagenuk Linux - General 1 10-07-2001 10:45 AM


All times are GMT -5. The time now is 12:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration