Re: [squid-users] httpd_accel on port 80 causing access denied

From: Josh Kuperman <josh@dont-contact.us>
Date: Fri, 11 May 2001 11:06:59 -0400

Going through the FAQ I thought I changed all the lines
mentioned. Though I'm not sure. I might still be
misunderstanding. I've tried with the client machine specifying access
through the proxy and specifying the address as a local address to be
bypassed.

My http_port line looks like

http_port 80

The goal was to run Apache on 127.0.0.1:80 and squid on,
in my case, 192.168.200.78:80.

I'm sort of confused; the access_log reports an odd variety of
messages. There seem to always be two messages, one with the requesting
machine's address and one with the server's address. (I decided to use a
different machine as the web browser as using lynx running on the same
machine as squid and apache seemed to guarantee more difficulty in
deciphering the logs.) But in all cases they seem to be messages that
would be expected in some circumstances. TCP_NEGATIVE_HIT/403,
TCP_SWAPFAIL_MISS/403. During some tests I may have triggered a
forwarding loop. I've tried direct access as well as with squid
specified as the proxy.

When I switch to using port 81 for the web server things work
again. My main goal in doing acceleration is to let this squid work as
a reverse proxy or rewriting proxy, so I can subtly provide access
to semi-restricted things to some users, in addition to speeding up
the local web site. I don't think it matters if I run it on 80 or
81. I just dislike the thought that some Squid Users can do it and I
can't.

On Thu, May 10, 2001 at 06:35:13PM +0200, Henrik Nordstrom wrote:
> What does your http_port line in squid.conf look like?
>
> --
> Henrik Nordstrom
> Squid hacker
>
> Josh Kuperman wrote:
> >
> > I downloaded a recent 2.5 to try for my ideal squid set up. I want to
> > run it as a proxy and http accelerator for a local web site maintained
> > on the same server as the squid proxy.
> >
> > My understanding is that by binding apache to port 80 on the local
> > host, every connection to the web server is really a connection to the
> > squid.
> >
> > Then following the FAQ I made the following changes (and a few others)
> >
> > httpd.conf
> > Port 80
> > BindAddress 127.0.0.1
> >
> > squid.conf
> > httpd_accel_host 127.0.0.1
> > httpd_accel_port 80
> > httpd_accel_with_proxy_on
> >
> > After restarting apache and squid, I attempted to connect to the local
> > web site with lynx and I would get an Access Denied message saying I'm
> > not allowed access to 127.0.0.1 and I've no idea why? I thought as an
> > accelerator, even with httpd_accel_proxy_ on, it would serve out the
> > local web site to everyone, regardless of where they were accessing
> > the site from.
> >
> > What did I miss? I thought I might just have an odd ACL somewhere but
> > I couldn't find one.
> >
> > Is there a good way to verify that all the processes are running on
> > the right ports, etc. Is there some step.
> >
> > --
> > Josh Kuperman
> > josh@saratoga.lib.ny.us

-- 
Josh Kuperman                       
josh@saratoga.lib.ny.us
Received on Fri May 11 2001 - 09:07:00 MDT
