Squid help

moog7 · 04-29-2013, 02:00 PM

Hi,

Even though I have purged a URL from the squid cache, I still see the old page. For example I have a firewall that does content filtering and I've chosen to block www.domain.com. When a user goes to domain.com they will normally see a access denied page. However once I give this user access to the site, I still get the access denied page as before from squid.

If I take off the proxy settings for example, it works fine.

In my squid.conf I have:

acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

I entered this command: squidclient -h localhost -m PURGE http://www.domain.com/

and receive a HTTP 200 OK.

How do I get around this?

Thanks.

JSkywalker · 04-30-2013, 09:10 AM

your client (=webbrowser) also has a local cache. Did you try to clear that before re-trying to visit www.domain.com?

moog7 · 05-01-2013, 12:38 PM

Quote:

Originally Posted by JSkywalker

your client (=webbrowser) also has a local cache. Did you try to clear that before re-trying to visit www.domain.com?

Yes I've tried deleting the browser cache. I've also cleared and rebuilt the squid cache but the problem remains.

JSkywalker · 05-02-2013, 12:10 PM

"However once I give this user access to the site, I still get the access denied page "
what changes do you make to your config for this?

"If I take off the proxy settings for example"
can you post your 'proxy settings'?

moog7 · 05-02-2013, 05:00 PM

Quote:

Originally Posted by JSkywalker

"However once I give this user access to the site, I still get the access denied page "
what changes do you make to your config for this?

"If I take off the proxy settings for example"
can you post your 'proxy settings'?

I excluded the user's IP address from the content filter so that they can bypass the content filter. This is done on a hardware firewall.

The proxy settings is just the proxy server IP and port number which the browser uses by default. eg. 192.168.1.10:8000

JSkywalker · 05-03-2013, 11:39 AM

Your squid is running on different hardware than your client?
If so, than this line:
http_access allow PURGE localhost
is not good enough, it tells squid to only allow access from localhost.
change it to sometiing like (depending on you local ip-addressed):
acl PURGE src 192.168.0.0/24
This will give access to all ip-addresses from 192.168.0.1 - 192.168.0.254

moog7 · 05-08-2013, 04:33 PM

Quote:

Originally Posted by JSkywalker

Your squid is running on different hardware than your client?
If so, than this line:
http_access allow PURGE localhost
is not good enough, it tells squid to only allow access from localhost.
change it to sometiing like (depending on you local ip-addressed):
acl PURGE src 192.168.0.0/24
This will give access to all ip-addresses from 192.168.0.1 - 192.168.0.254

I added the acl PURGE src 192.168.0.0/24 and removed http_access allow PURGE localhost in squid.conf but squid failed when I tried to restart it.

JSkywalker · 05-09-2013, 05:10 AM

hmmmz, i wonder why i typed "acl PURGE src 192.168.0.0/24", and thinking what that could mean.....

But if your network is configured using a different ip-address-range, than you need to CHANGE this line.

And, when you restart squid, and it " failed when I tried to restart it", it would be nice to have the details on why it did not restart, the details are somewhere in a logfile.....