LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Squid blocking all traffic access (https://www.linuxquestions.org/questions/linux-newbie-8/squid-blocking-all-traffic-access-682515/)

ifeatu 11-10-2008 09:50 PM
Squid blocking all traffic access
 
I know Squid by default blocks all traffic access but I'm not sure what settings to edit if someone could take a look at the settings I have attempted to make changes on and let me know if I'm on the right track ...here is a snippet from squid.conf


One question though…squid still refuses all of my traffic for some reason here is my current http_access config…any suggestions?

Code:
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
#http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# http_access deny CONNECT !SSL_ports

billymayday 11-10-2008 09:58 PM
Check what it's listening on with

netstat -nalp | grep :3128

or similar

ifeatu 11-10-2008 10:04 PM
Listening
 
yeah its definately listening...

Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*              LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$
here is the error I get when I redirect all firefox traffic thru the proxy...
Code:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://192.168.1.1/Forward.htm

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is webmaster.
Generated Tue, 11 Nov 2008 03:56:53 GMT by ubuntu.localdomain (squid/2.6.STABLE18)

billymayday 11-10-2008 10:26 PM
Try something like

Code:
acl our_networks src 192.168.1.0/24
http_access allow our_networks
http_access deny to_localhost
before the final deny all

ifeatu 11-11-2008 05:51 AM
Listening
 
yeah its definately listening...

Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*              LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$
here is the error I get when I redirect all firefox traffic thru the proxy...
Code:
ifeatu@ubuntu:/etc/squid$ sudo netstat -nalp | grep :3128
[sudo] password for ifeatu:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*              LISTEN      12384/(squid)
ifeatu@ubuntu:/etc/squid$

billymayday 11-11-2008 02:01 PM
Would you like to correct the previous post an include the errors?

ifeatu 11-11-2008 02:56 PM
I did
 
Yes I did correct the previous post, but instead of the system correcting the post it created an alternate post for which I was reprimanded by the web admin for this site...you should advise them to take the "edit" feature from newly submitted posts as it doesnt work properly.

billymayday 11-11-2008 03:03 PM
It does usually, unless you are over enthusiastic about hitting buttons (and we all do that sometimes).

What errors are you getting since you added the ACL? Post #5 doesn't show the errors

billymayday 11-11-2008 03:27 PM
Have you read through http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid ?


All times are GMT -5. The time now is 11:44 AM.