[SQU] TCP_DENIED/403 error

From: Chee Seng Toh <chee.seng.toh@dont-contact.us>
Date: Wed, 17 Jan 2001 22:12:14 +0800

Hi,

I have a need to tunnel across a proxy server for some test ...

on the server, I can make a successful test
979694422.527 15177 127.0.0.1 TCP_MISS/000 39 CONNECT localhost:443 -
DIRECT/localhost -
(extract from access.log)

but if I try from a remote client, I get errors
979744098.392 232 202.166.3.124 TCP_DENIED/403 997 CONNECT <IP_address
of svr>.2:3128 - NONE/- -
979744134.431 111 202.166.3.124 TCP_DENIED/403 995 CONNECT <IP_address
of svr>.2:443 - NONE/- -

my simple acl as:

#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access deny CONNECT !Safe_ports

http_access allow CONNECT
http_access allow all
http_access deny all

icp_access allow all
#miss_access allow all

I have tried leaving only http_access allow all or only http_access deny
all (one at a time) but still could not get a positive result. Can anyone
spot the unintentional error? Please help, thanks.

Regards
Chee Seng

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Jan 17 2001 - 11:37:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:29 MST