Re: [squid-users] cache/PURGE problem !

Comments inline below:

Arindam Haldar wrote:
> well, this squid cache is running for 6+months !.. the transparent mode is
> working fine ever since ... moreover i dont have any acl deny, as the
> default is to accept !..
> http_access allow localhost
> http_access allow all

This is a very bad idea. deny all should be your default, with allow
rules for your local clients, unless you have a lot of faith in a
firewall that is preventing outsiders from talking to Squids port.

> and
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
>
> i guess this makes that i havent denied any access inside squid -- i always
> do it like that !.. is there any /proc setting necessary --like for eg ecn
> -->echo 0 > /proc/sys/net/ipv4/tcp_ecn for some sites !! ????
> but isnt it to be looked into as i cannot PURGE any sites from cache as
> mentioned earlier !

You have to explicitly permit PURGE requests. They are not allowed by
default:

acl PURGE method PURGE
http_access allow localhost PURGE

Or similar, based on what address you want to allow purges from.

> On Friday 07 June 2002 11:27 am, you wrote:
>
>>Your Squid is misconfigured. That seems kind of obvious, eh?
>>
>>I have no problems accessing the site to which you refer through my
>>local Squid (and perhaps I should point out that your CacheRAQ is also
>>running Squid). I would assume you have either misconfigured the access
>>controls, or perhaps you have not enabled httpd_accel_with_proxy (in the
>>case of the access denied messages from client...client uses a proxy
>>connection, whereas a transparent connection from a browser does not).
>>
>>Arindam Haldar wrote:
>>
>>>hi all,
>>>
>>>i am facing a problem which seems is with squid!.. all our office pc is
>>>using squid(in transparent mode) !
>>>when i tried to access site -->http://www.ncbi.nlm.nih.gov i got the 403
>>>acess forbidden ( not from squid but seems from site --i guess !).. at
>>>the same time when i try to acess the same site without squid(pc direct
>>>to router ) i CAN open it !.. furthermore using cobalt cacheraq one can
>>>open the said site !..
>>>i thought to PURGE the site from cache--thinking it might be in cache. i
>>>gave the following command-->client -m PURGE http://www.ncbi.nlm.nih.gov
>>> & got the folowing error--->HTTP/1.0 403 Forbidden
>>>Server: Squid/2.4.STABLE6
>>>Mime-Version: 1.0
>>>Date: Fri, 07 Jun 2002 05:16:19 GMT
>>>Content-Type: text/html
>>>Content-Length: 1323
>>>Expires: Fri, 07 Jun 2002 05:16:19 GMT
>>>X-Squid-Error: ERR_ACCESS_DENIED 0
>>>X-Cache: MISS from cab1.d2visp.com
>>>Proxy-Connection: close
>>>
>>>to my HORROR when i tried to purge yahoo or google site i got the same
>>>message !... i also tried --> client -r http://www.ncbi.nlm.nih.gov
>>>the result was same---site forbidden ..whereas client -r
>>>http://www.yahoo.com did RECACHED the site !...
>>>
>>>i need to know whats hapenning with my squid serrver ! and
>>>importantly---why the perticular SITE is showing ---access denied ??????
>>>
>>>awaiting a reply
>>>
>>>regards
>>>A.H
>>

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com