Re: [squid-users] Dial in users aren't hitting Squid

From: William Carty <admin@dont-contact.us>
Date: Wed, 13 Feb 2002 18:04:24 -0500

Hi, thanks for the reply.

The problem isn't with porn blocking - that works fine.

The problem is that all of the users that dial up aren't even hitting
squid for some reason. It's like MSIE is ignoring the fact that I have
proxy settings enabled.

When I set up a box on the LAN, squid works fine - it's just when users
dial in.

Thanks.

----- Original Message -----
From: "Bill Updegraff" <bupdegraff@akbible.edu>
To: "William Carty" <admin@thinktankdecoy.com>
Sent: Wednesday, February 13, 2002 5:54 PM
Subject: RE: [squid-users] Dial in users aren't hitting Squid

> William,
>
> Is Squid by itself enough? My impression is that you will be better
served
> to add SquidGuard and DansGuardian.
>
> If you haven't done so, see
>
> http://www.cecea.org/jojo/cleanweb/#Introduction
>
> -Bill
>
>
> -----Original Message-----
> From: William Carty [mailto:admin@thinktankdecoy.com]
> Sent: Wednesday, February 13, 2002 1:31 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Dial in users aren't hitting Squid
>
>
> I cannot figure this out & hope someone has some idea what is causing
it
> to happen...
>
> I have a squid box that dial in users are going to be using to access
> the web. It's set up to block porn / etc.
>
> Users dial in to a cisco 3640. The 3640 & the squid box are located
on
> the same physical network.
>
> If I sit at another workstation connected to the LAN that the 3640 &
the
> squid box are on - I set up MSIE to use the proxy & everything works
> fine.
>
> If I dial in & have MSIE configured to use the proxy, it bypasses it
> completely! I get no "access denied" from squid, doing a tail on the
> access log, I see absolutley no requests to squid as people are
surfing.
> It's as if MSIE is ignoring the fact that I've told it to use a proxy.
>
> The IP address pool the dialin users get their IP from is on the same
> subnet as the squid box & the router - so it should be like they're
> sitting on the LAN, too.
>
> I can't figure out why these dialin people aren't hitting the proxy.
If
> it were one machine, I'd pass it off as a problem with their set up...
> but I'm looking at about 15 people having the same problem.
>
> I've worked on this most of the day. Does anyone have any idea what
> would cause this sort of thing to happen?
>
> Here's the ACL section of my squid.conf... I don't think anything is
> wrong with it as I'm able to use the proxy from the machines on
> Ethernet...
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.0
> acl afam src 208.62.39.32/255.255.255.224
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl porn url_regex "/etc/squid/domains.block"
> acl notporn url_regex "/etc/squid/domains.exclude"
>
> http_access allow notporn
> http_access deny porn
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow afam
> http_access deny all
>
>
> TIA!!!!!!
>
Received on Wed Feb 13 2002 - 15:59:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:21 MST