Squid proxy

sakthi.s · 11-24-2006, 05:29 AM

Hi

I have installed redhat linux 9.0 in our office and configured squid transperant proxy + iptables firewall. I have segregated my users into two groups like support staff and general users. There is no restriction for support staff and general users can browse only their allowed site and i denied access to all pronography stuffs for all. Now i want to add few more urls to be allowed to browse, entered the same in my ACL. But squid is not allowing, but already allowed sites i able to browse but newly added urls i am not able to browse.

Here is my ACL control list

http_access allow localhost
acl mylan src 192.168.1.0/255.255.255.0
acl allowed_pc src "/etc/squid/allowed_pc"
acl support_staff src "/etc/squid/support_staff"
acl general src "/etc/squid/general"
acl rejects url_regex "/etc/squid/rejects"
acl allowed dstdomain "/etc/squid/allowed"

http_access deny rejects
http_access deny !allowed_pc
http_access deny !mylan
http_access allow general allowed allowed_pc
http_access allow support_staff !general
http_access deny all

"allowed_pc" contains all the ip address to be able to access internet
"support_staff" contains the ip address of theirs
"general" contains all the general users ip address

"rejects" has all the keywords and domain name of pronography stuffs. For eg.

# vi rejects
.sex.com
.playboy.com
xxx.com
teengirls
.
.
etc

"allowed" has all the urls which can be accessed by general group. For eg.

# vi allowed
.firstflight.com
.ffclchennai.net
mq.hathway.com/mqsweb
.royalsundaram.in
onlineservices.tin.nsdl.com/TIN/populateUsingPanno.do
incometaxindiaefiling.gov.in
mail1.hathway.com
.
.
.
etc

In the above list , .firstflight.com
.ffclchennai.net i am able browse which i made the entry at the time of installation. I recently added the remaining site, but i am unable browse the following sites

mq.hathway.com/mqsweb
.royalsundaram.com
onlineservices.tin.nsdl.com/TIN/populateUsingPanno.do

surpringly i am able to browse incomtaxindiaefiling.gov.in , that also i added recently.

I have no clue what went wrong. Desperately need solution. Can you help me out

Thanks in advance

Sakthi

O.Haessler · 11-24-2006, 06:18 AM

Hi sakthi.s,

maybe you have tried it, but did you do a reload for the squid proxy like "/etc/init.d/squid reload" ?

Kind regards

Olli

sakthi.s · 11-26-2006, 11:46 PM

No, i restarted the squid server by issuing the following command in # prompt

service squid restart

But same result.....!!!!

O.Haessler · 11-28-2006, 02:40 AM

Do u get some error messages in

/var/log/squid/cache.log

If yes, please post it?? Maybe it's just a mistyping!

Olli

sakthi.s · 11-28-2006, 08:40 AM

Pasted Cache.log as required by you.

2006/11/28 11:59:01| Squid Cache (Version 2.5.STABLE1): Exiting normally.
2006/11/28 11:59:01| Starting Squid Cache version 2.5.STABLE1 for i386-redhat-linux-gnu...
2006/11/28 11:59:01| Process ID 25352
2006/11/28 11:59:01| With 1024 file descriptors available
2006/11/28 11:59:01| DNS Socket created at 0.0.0.0, port 32971, FD 5
2006/11/28 11:59:01| Adding nameserver 125.22.47.125 from /etc/resolv.conf
2006/11/28 11:59:01| Adding nameserver 202.56.250.5 from /etc/resolv.conf
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_READ_TIMEOUT': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_LIFETIME_EXP': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_READ_ERROR': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_WRITE_ERROR': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_SHUTTING_DOWN': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_CONNECT_FAIL': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_INVALID_REQ': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_UNSUP_REQ': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_INVALID_URL': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_SOCKET_FAILURE': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_DNS_FAIL': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_CANNOT_FORWARD': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FORWARDING_DENIED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_NO_RELAY': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_ZERO_SIZE_OBJECT': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_DISABLED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_FAILURE': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_URN_RESOLVE': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_ACCESS_DENIED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_CACHE_ACCESS_DENIED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_CACHE_MGR_ACCESS_DENIED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_PUT_CREATED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_PUT_MODIFIED': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_PUT_ERROR': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_NOT_FOUND': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_FORBIDDEN': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_FTP_UNAVAILABLE': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_ONLY_IF_CACHED_MISS': (2) No such file or directory
2006/11/28 11:59:01| errorTryLoadText: '/usr/share/squid/errors/ERR_TOO_BIG': (2) No such file or directory
2006/11/28 11:59:01| Unlinkd pipe opened on FD 10
2006/11/28 11:59:01| Swap maxSize 102400 KB, estimated 7876 objects
2006/11/28 11:59:01| Target number of buckets: 393
2006/11/28 11:59:01| Using 8192 Store buckets
2006/11/28 11:59:01| Max Mem size: 8192 KB
2006/11/28 11:59:01| Max Swap size: 102400 KB
2006/11/28 11:59:01| Rebuilding storage in /var/spool/squid (CLEAN)

Regards
Sakthi

sakthi.s · 12-03-2006, 05:51 AM

anybody there to help me out.....!

O.Haessler · 01-02-2007, 08:04 AM

Can you also post your error.log (the last lines after restarting the proxy)..?