Re: [squid-users] access denied 2.4

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 06 Apr 2001 04:34:38 +0200

Your ruleset gives the world full access to your proxy without
restrictions (the initial "http_access allow all" line).

Because of this I suspect you are seeing some other problem, probably a
request loop. Do you get anything in cache.log when it happens?

And yes, you should correct your http_access rules to a more restrictive
setting.

--
Henrik Nordstrom
Squid hacker

uhoulila@mwe.com wrote:
> 
> Hello everyone,
> 
> I have the following problem.
> 
> I have 8 remote sites that access the Internet directly using squid 2.4 stable 1
> on FreeBSD (directly, no parent or anything like that). When the users attempt to
> access an Intranet server, they get access denied. Before you jump to
> conclusions, I have read all the other facts and mailing lists and set access
> allow all and direct always for all the intranet, however, none of that
> worked. The only way around it was to go to the explorer settings and set bypass
> proxy for all local servers in addition to specifying the private network.  The
> weird part is that when I installed squid 2.4 pre release of Feb 20th, I did not
> encounter these problems, only once I installed the Stable 1 did this start
> happening.  What is weirder, is that if I access the intranet by name, i.e.
> http://localserver, the proxy will resolve the address and allow access, if I
> replace the local server with the server's local address, it gives me access
> denied. Here is a summary of the config for one of the remote sites. Any help
> would be greatly appreciated.
> 
> Thanks and have a nice day
> 
> acl all src 10.3.0.0/255.255.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> 
> http_access allow all
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> acl local_servers dst 10.0.0.0/255.0.0.0
> always_direct allow local_servers
> http_access deny CONNECT !SSL_ports
> http_access deny all
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> wccp_router 10.3.79.2
> http_port 8080
> cache_dir ufs  /cache 50000 16 256
> 
Received on Thu Apr 05 2001 - 20:34:56 MDT
