LinuxQuestions.org - Squid not allowing port 99

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - Squid not allowing port 99 (https://www.linuxquestions.org/questions/linux-software-2/squid-not-allowing-port-99-a-445860/)

Squid not allowing port 99

Hello am trying to access the page
http://mail.aajr.com.mx:99/exchange/USA/

but squit does not allowes me it give me the error
below is a part of my squid.conf file. what could be the problem???\

******************************************************************
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://mail.aajr.com.mx:99/exchange/USA/

The following error was encountered:

Connection Failed
The system returned:

(13) Permission deniedThe remote host or network may be down. Please try the request again.

Your cache administrator is root.
*******************************************************************

My configuration says

...
acl Safe_ports port 99 # exchange
...
http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access deny !Safe_ports
http_access allow Oficina
http_access deny all

icp_access allow all
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs off

Well, can you access it outside of squid? If so, it's hard to know what the problem is without seeing those other ACLs (specifically the denys).

I can see the pages very well without squid.

this is my complete squid.conf

http_port 192.168.1.179:3128
httpd_accel_host virtual
httpd_accel_port 80 443 8080 19720 19721 10000
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 192.168.1.1-192.168.1.253
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
#acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 110 24 99 1025-65535
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftpSafe_ports
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110 # pop
acl Safe_ports port 24 # smtp
acl Safe_ports port 99 # exchange
acl CONNECT method CONNECT
acl Oficina src 192.168.1.1-192.168.1.90
acl Super src 192.168.1.91-192.168.1.120
acl Admin src 192.168.1.121-192.168.1.200
acl adanm src 192.168.1.36
acl verop src 192.168.1.64
acl javierg src 192.168.1.12
acl paulam src 192.168.1.13
acl ivonne src 192.168.1.22
acl victorf src 192.168.1.64
acl juany src 192.168.1.75
#acl DHRouter src 192.167.1.201-192.168.1.240

acl archivos url_regex -i \.mp3$ \.avi$ \.ppt$ \.pps$ \.swf$ \.exe$

acl permitidos dstdomain 192.168.1.188 .dhl.com .odfl.com .dhl.com.mx .ups.com .fedex.com .sanmina-sci.com 201.120.129.187 .aajr.com.mx .aduanet.net .myyellow.com .menloforwarding.com .ups-scs.com .roadway.com .tellabs.com .overnite.com .baxglobal.com .shiputs.com .usfc.com .dhl-usa.com .usfreightways.com .aesdirect.gov .shiputs.net .cdc.gov .osha.gov .free-training.com .sat.gob.mx .hazmat.ci.laredo.tx.us .forwarding.org 200.76.37.170 200.57.148.20 .aduanet.org

acl msnlogin dstdomain 192.168.1.188 .dhl.com .odfl.com .dhl.com.mx .ups.com .fedex.com .sanmina-sci.com 201.120.129.187 .aajr.com.mx .aduanet.net .myyellow.com .menloforwarding.com .ups-scs.com .roadway.com .tellabs.com .overnite.com .baxglobal.com .shiputs.com .usfc.com .dhl-usa.com .usfreightways.com .aesdirect.gov .shiputs.net loginnet.passport.com .cdc.gov .free-training.com .osha.gov .sat.gob.mx .hazmat.ci.laredo.tx.us .forwarding.org 200.76.37.170 200.57.148.20 .aduanet.org

http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access allow Oficina
http_access deny all

icp_access allow all
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs off

deny_info http://192.168.1.188/Restricted.htm permitidos msnlogin

I don't see any http_access rule in that latest squid.conf relating to the Safe_ports ACL. You define it but don't use it.

i have tried like this with out a success

http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access deny !Safe_ports
http_access allow Oficina
http_access deny all

and

http_access deny !Safe_ports
http_access deny !permitidos

Unfortunately I don't have a squid installation up and running at the moment or I could be a little more helpful with testing.

First off, I believe this is the correct notation:

Code:

acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 110 24 99 1025-65535

Your ACL should be listed in this fashion rather than separate lines.

Also, just for grins, you might try:

Code:

http_access allow Safe_ports

http_access deny !Safe_ports

In other words, first explicitly allow, then explicitly deny. Don't forget to restart squid to test it.

i already tired without success.....
any other ideas?