[squid-users] possible acl issue ?

From: Mike Cudmore <Mike.Cudmore@dont-contact.us>
Date: Wed, 08 Jan 2003 15:03:42 +0000

I seem to have an acl issue, can anyone see what's wrong?

When I use client -p 8080 http://www.google.com from the command line I
get the page and I see in the access.log that localhost access was OK.

However, I am trying to allow my client PCs 10.91.11.163 and
10.91.11.164 access to squid but am getting connection failed /
connection refused messages in the browser.

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

Connection Failed
The system returned:

    (111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is mcudmore@dft.gsi.gov.uk.

--------------------------------------------------------------------------------

Generated Wed, 08 Jan 2003 14:28:37 GMT by ahv-squid (squid/2.5.STABLE1-20021223)

Sample access.log message
1042037417.503 16 10.91.11.164 TCP_MISS/503 1442 GET http://www.google.com/ - NONE/- text/html

squid.conf is.....
http_port 8080
cache_peer 10.199.6.100 parent 8080 0 default no-query
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl dft src 10.0.0.0/255.0.0.0
no_cache deny QUERY
no_cache deny dft
cache_mem 48 MB
maximum_object_size_in_memory 64 KB
cache_dir aufs /var/spool/squid 20000 50 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
ftp_user cache@dft.gsi.gov.uk
dns_children 16
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl dfttest src 10.91.11.163/255.255.255.255
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localhost2 src 10.91.11.164/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localhost2
http_access allow dfttest
http_access allow all
icp_access allow all
cache_mgr mcudmore@dft.gsi.gov.uk
cache_effective_user squid
cache_effective_group squid
visible_hostname ahv-squid
always_direct allow dft
never_direct allow all

Regards
Mike Cudmore
GSI & Intranet Connectivity Team

Received on Wed Jan 08 2003 - 08:04:13 MST
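
Added example, not part of the original post and not Squid code: a simplified Python model of Squid's first-match rule evaluation, applied to the src ACLs and the http_access, always_direct and never_direct lines in the squid.conf above. It assumes the manager, Safe_ports and CONNECT rules do not match a plain GET and ignores every non-src ACL type; the function names are hypothetical.

```python
import ipaddress

# Constructed from the posted squid.conf: only the src ACLs and the rule
# lists that reference them are modelled (simplifying assumption).
ACLS = {
    "all": "0.0.0.0/0",
    "dft": "10.0.0.0/8",
    "dfttest": "10.91.11.163/32",
    "localhost": "127.0.0.1/32",
    "localhost2": "10.91.11.164/32",
}
HTTP_ACCESS = [("allow", "localhost"), ("allow", "localhost2"),
               ("allow", "dfttest"), ("allow", "all")]
ALWAYS_DIRECT = [("allow", "dft")]
NEVER_DIRECT = [("allow", "all")]


def first_match(rules, client):
    """Return (action, acl) of the first rule whose src ACL contains client."""
    addr = ipaddress.ip_address(client)
    for action, acl in rules:
        if addr in ipaddress.ip_network(ACLS[acl]):
            return action, acl
    return None


def route(client):
    """Squid consults always_direct before never_direct."""
    hit = first_match(ALWAYS_DIRECT, client)
    if hit and hit[0] == "allow":
        return "direct"   # origin server is contacted, cache_peer bypassed
    hit = first_match(NEVER_DIRECT, client)
    if hit and hit[0] == "allow":
        return "parent"   # request must be forwarded to a cache_peer
    return "either"


def evaluate(client):
    """Which http_access rule admits the client, and how it is forwarded."""
    return {"http_access": first_match(HTTP_ACCESS, client),
            "route": route(client)}


if __name__ == "__main__":
    # 192.0.2.10 is a constructed address outside 10.0.0.0/8.
    for ip in ("127.0.0.1", "10.91.11.163", "10.91.11.164", "192.0.2.10"):
        print(ip, evaluate(ip))
```

In this model the two client PCs match `dft` in `always_direct` and are sent direct, while 127.0.0.1 falls through to `never_direct allow all` and uses the parent; the constructed outside address is admitted only by `http_access allow all`.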
