Re: Access Denied

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 27 May 2000 12:32:32 +0200

The request was allowed fine.

Maybe it loops back on itself?

Questions/notes:

1. Why are you using a redirector?

2. It is not wise to have httpd_accel_host,port match the same address
as Squid is running on. Doing so easily creates a request loop where
Squid forwards the request to itself.

3. Note that the httpd_accel_with_proxy function has limitations. Squid
usually cannot proxy hosts it is accelerating. Can be worked around
using a redirector.

/Henrik

Kent, Mr. John wrote:
>
> Henrik,
>
> Attempting to set up squid on a new machine, keep getting Access Denied no
> matter what I do. Running squid as
> an accelerator for http://www.nrlmry.navy.mil:9999
>
> I have attached both my config file, using the defaults
> for acl and access and the cache.log output in the hope
> that you can take a look and tell me quickly what my
> error is.
>
> I have tried using both http deny all and http allow all
> on the last line with no difference.
>
> Thank you
>
> John Kent
>
> ###########################################################
> # squid.conf
> http_port 9999
>
> tcp_outgoing_address 199.9.2.44
>
> httpd_accel_host www.nrlmry.navy.mil # accelerate only this one machine
> httpd_accel_port 9999
>
> # NOTE: enabling httpd_accel_host disables proxy-caching and
> # ICP. If you want these features enabled also, then set
> # the 'httpd_accel_with_proxy' option.
>
> # TAG: httpd_accel_with_proxy on|off
> # If you want to use Squid as both a local httpd accelerator
> # and as a proxy, change this to 'on'.
> #
> httpd_accel_with_proxy on
>
> icp_port 0
>
> hierarchy_stoplist /cgi-bin/ /java-bin /dev-bin /training /composer
>
> acl QUERY urlpath_regex /cgi-bin /java-bin /dev-bin /training /composer
> no_cache deny QUERY
>
> debug_options ALL,1 28,9
>
> redirect_program /users/webuser/squid/etc/lib/redirect.pl
> redirect_children 10
> redirect_rewrites_host_header off
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> # TAG: http_access
> # Allowing or Denying access based on defined access lists
> #
> # Access to the HTTP port:
> # http_access allow|deny [!]aclname ...
> #
> # Access to the ICP port:
> # icp_access allow|deny [!]aclname ...
> #
> # NOTE on default values:
> #
> # If there are no "access" lines present, the default is to allow
> # the request.
> #
> # If none of the "access" lines cause a match, the default is the
> # opposite of the last line in the list. If the last line was
> # deny, then the default is allow. Conversely, if the last line
> # is allow, the default will be deny. For these reasons, it is a
> # good idea to have an "deny all" or "allow all" entry at the end
> # of your access lists to avoid potential confusion.
> #
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow all
>
> emulate_httpd_log on
> cache_access_log /users/webuser/squid/logs/access.log
> cache_store_log /users/webuser/squid/logs/store.log
>
> cache_mgr kent@nrlmry.navy.mil
> cachemgr_passwd passwd all
>
> cache_effective_user webuser
> cache_effective_group xtuser
>
> cache_mem 8 MB
>
> # TAG: memory_pools on|off
> # If set, Squid will keep pools of allocated (but unused) memory
> # available for future use. If memory is a premium on your
> # system and you believe your malloc library outperforms Squid
> # routines, disable this.
> #
>
> memory_pools on
>
> ######################################################
> # what is generated in the cache.log
>
> 2000/05/25 14:14:19| aclCheckFast: list: 101fbf80
> 2000/05/25 14:14:19| aclMatchAclList: checking all
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> 2000/05/25 14:14:19| aclMatchIp: '192.160.159.24' found
> 2000/05/25 14:14:19| aclMatchAclList: returning 1
> 2000/05/25 14:14:19| aclCheck: checking 'http_access allow manager
> localhost'
> 2000/05/25 14:14:19| aclMatchAclList: checking manager
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl manager proto cache_object'
> 2000/05/25 14:14:19| aclMatchAclList: returning 0
> 2000/05/25 14:14:19| aclCheck: checking 'http_access deny manager'
> 2000/05/25 14:14:19| aclMatchAclList: checking manager
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl manager proto cache_object'
> 2000/05/25 14:14:19| aclMatchAclList: returning 0
> 2000/05/25 14:14:19| aclCheck: checking 'http_access deny !Safe_ports'
> 2000/05/25 14:14:19| aclMatchAclList: checking !Safe_ports
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl Safe_ports port 80 21 443
> 563 70 210 1025-65535'
> 2000/05/25 14:14:19| aclMatchAclList: returning 0
> 2000/05/25 14:14:19| aclCheck: checking 'http_access deny CONNECT
> !SSL_ports'
> 2000/05/25 14:14:19| aclMatchAclList: checking CONNECT
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl CONNECT method CONNECT'
> 2000/05/25 14:14:19| aclMatchAclList: returning 0
> 2000/05/25 14:14:19| aclCheck: checking 'http_access allow all'
> 2000/05/25 14:14:19| aclMatchAclList: checking all
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> 2000/05/25 14:14:19| aclMatchIp: '192.160.159.24' found
> 2000/05/25 14:14:19| aclMatchAclList: returning 1
> 2000/05/25 14:14:19| aclCheck: match found, returning 1
> 2000/05/25 14:14:19| aclCheckCallback: answer=1
> 2000/05/25 14:14:19| aclCheckFast: list: 101fbca0
> 2000/05/25 14:14:19| aclMatchAclList: checking QUERY
> 2000/05/25 14:14:19| aclMatchAcl: checking 'acl QUERY urlpath_regex /cgi-bin
> /java-bin /dev-bin /training /composer '
> 2000/05/25 14:14:19| aclMatchRegex: checking '/'
> 2000/05/25 14:14:19| aclMatchRegex: looking for '/cgi-bin'
> 2000/05/25 14:14:19| aclMatchRegex: looking for '/java-bin'
> 2000/05/25 14:14:19| aclMatchRegex: looking for '/dev-bin'
> 2000/05/25 14:14:19| aclMatchRegex: looking for '/training'
> 2000/05/25 14:14:19| aclMatchRegex: looking for '/composer'
> 2000/05/25 14:14:19| aclMatchAclList: returning 0
> 2000/05/25 14:14:19| aclCheckFast: no matches, returning: 1
Received on Sat May 27 2000 - 06:46:35 MDT
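
The request loop described in note 2 of the reply can be checked for before Squid is started. The following is an added example, not code from the thread or from the Squid project: it compares the accelerated origin (`httpd_accel_host`, `httpd_accel_port`) with the address Squid listens on (`http_port`). The sample configuration values, the `local_ips` argument, the injectable resolver and the default ports used when a directive is absent are assumptions.

```python
import ipaddress
import socket

# Constructed sample in the Squid 2.x accelerator syntax quoted above; the
# host name and addresses are placeholders, not the poster's real values.
SAMPLE_CONF = """\
http_port 9999
httpd_accel_host www.example.test   # accelerate only this one machine
httpd_accel_port 9999
httpd_accel_with_proxy on
"""

def parse_directives(text):
    """Map directive name -> argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def system_resolve(host):
    """Addresses the host name resolves to on this machine."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_accel_loop(conf_text, local_ips, resolve=system_resolve):
    """Return 'loop', 'ok' or 'unknown' for the accelerated origin.

    local_ips: addresses owned by the Squid host, supplied by the caller.
    """
    conf = parse_directives(conf_text)
    host = (conf.get("httpd_accel_host") or [None])[0]
    if host is None:
        return "ok"        # not running as an accelerator
    if host == "virtual":
        return "unknown"   # origin comes from each request's Host header
    # Defaults assumed here: http_port 3128, httpd_accel_port 80.
    bind_ip, _, listen_port = conf.get("http_port", ["3128"])[0].rpartition(":")
    if int(listen_port) != int(conf.get("httpd_accel_port", ["80"])[0]):
        return "ok"        # same host, different port: no self-forwarding
    # A bare port listens on every local address, loopback included.
    listening = [bind_ip] if bind_ip else list(local_ips) + ["127.0.0.1", "::1"]
    mine = {ipaddress.ip_address(ip) for ip in listening}
    origin = {ipaddress.ip_address(ip) for ip in resolve(host)}
    return "loop" if origin & mine else "ok"
```

A result of `loop` means the origin name resolves to an address Squid itself answers on at the same port, which is the situation the reply warns about; `unknown` is returned for `httpd_accel_host virtual`, where the origin cannot be determined from the configuration alone.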
