Re: [squid-users] Problem accessing some sites

From: Schelstraete Bart <bart@dont-contact.us>
Date: Mon, 27 Oct 2003 08:19:36 +0100

Lo,

This is your problem:

acl BANDOMAIN urlpath_regex www .com .net

   =>
http://mis3.home.company/inhouse/COMmon/login.asp?goto=/inhouse/leave/Default.asp&fnum.

In this acl you're blocking every URL with www, com or net!
You should use dest domain instead.

rgrds,

       Bart

squid squid wrote:

> Hi,
>
> I have just compiled Squid 2.5 Stable 4 and am running it on Solaris 8 in
> an intranet environment. However, I am having a problem accessing sites
> with a URL like
> http://mis3.home.company/inhouse/common/login.asp?goto=/inhouse/leave/Default.asp&fnum.
>
>
> The error message is as follows:
>
> The requested URL could not be retrieved.
> While trying to retrieve the URL:
> http://mis3.home.company/inhouse/common/login.asp?
> The following error was encountered:
> Access Denied.
> Access control configuration prevents your request from being allowed
> at this time. Pls contact your service provider if you feel this is
> incorrect.
>
> On the access logfile, I got 403 TCP_DENIED:NONE.
>
> Pls advise what could have gone wrong. Thank you.
>
> My squid.conf is as follows:
>
> # NETWORK OPTIONS
> http_port 3128
> icp_port 0
>
> # OPTION WHICH AFFECT NEIGHBOUR SELECTION ALGORITHM
> cache_peer 123.45.1.30 parent 3128 0 no-query proxy-only
> acl query urlpath_regex cgi-bin \?
> acl dynamic_contents urlpath_regex \*\.asp
> acl dynamic_contents urlpath_regex \*\.jsp
> no_cache deny query dynamic_contents
>
> # OPTIONS WHICH AFFECT THE CACHE SIZE
> cache_mem 10 MB
> maximum_object_size 1024 KB
> maximum_object_size_in_memory 1024 KB
>
> # LOGFILE PATHNAMES & CACHE DIRECTORIES
> cache_dir ufs /usr/local/squid/var/cache 3000 16 256
> cache_access_log /usr/local/squid/var/logs/access.log
> cache_log /usr/local/squid/var/logs/cache.log
> pid_filename /usr/local/squid/var/logs/squid.pid
> cache_store_log none
> emulate_httpd_log on
> log_ip_on_direct off
> mime_table /usr/local/squid/etc/mime.conf
> log_mime_hdrs off
> debug_options ALL,1
> log_fqdn off
>
> # OPTIONS FOR TUNING THE CACHE
> request_header_max_size 1 KB
> negative_ttl 5 minutes
> positive_dns_ttl 30 minutes
> negative_dns_ttl 1 minutes
>
> # TIMEOUTS
> connect_timeout 120 seconds
> peer_connect_timeout 120 seconds
> read_timeout 5 minutes
> request_timeout 5 minutes
> half_closed_clients off
> pconn_timeout 15 seconds
> shutdown_lifetime 10 seconds
>
> # DEFAULT ACCESS CONTROLS
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_PORTS port 343 443 7002 8000 9000 15000
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl SSL method CONNECT
>
> # Only allow administrator access from localhost
> http_access allow manager localhost
> http_access deny manager
>
> # Deny requests to unknown ports
> http_access deny !Safe_ports
>
> #Deny CONNECT to other than SSL ports and no direct connection for SSL
> http_access deny SSL !SSL_ports
> never_direct allow SSL
>
> # Ban on file types and domain
> acl BANFILE urlpath_regex \.bmp$ \.mp3$ \.mpg$ \.avi$
> acl BANDOMAIN urlpath_regex www .com .net
> http_access deny BANFILE
> http_access deny BANDOMAIN
>
> # For the cache purge
> acl PURGE method purge
> http_access allow PURGE localhost
> http_access deny PURGE
>
> # Common application/web servers in local
> acl direct-svr dstdomain mis3.home.company
> always_direct allow direct-svr
>
> # Common application/web servers housed remote and access thru' 123.45.1.30
> acl remote-svr dst 123.45.1.31
> cache_peer_access 123.45.1.30 allow remote-svr
> never_direct allow remote-svr
>
> # Allow requests to proxy
> http_access allow all
>
> # HTTPD-ACCELERATOR OPTIONS
> # For Squid to run as transparent proxy
> httpd_accel_uses_host_header on
>
> # ADMINISTRATIVE PARAMETERS
> cache_mgr squid@inet.company
> cache_effective_user nobody
> visible_hostname proxy.inet.company
>
> # MISCELLANEOUS
> dns_testnames home.company mis3.home.company
> memory_pools off
> cachemgr_passwd none all
> snmp_port 0
> client_db off
>

-- 
 Schelstraete Bart
 http://www.hansbeke.com
 email: bart at schelstraete.org
Received on Mon Oct 27 2003 - 00:19:34 MST
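
An added example, not part of the original thread: a small Python model of why the `BANDOMAIN` acl above denies the intranet URL, and why a host-based acl does not. It assumes `urlpath_regex` is an unanchored, case-sensitive search over the path and query only, and it uses a simplified `dstdomain` matcher; the function names and the `.banned.example` entry are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns from the posted line: "acl BANDOMAIN urlpath_regex www .com .net"
BANDOMAIN_PATTERNS = ["www", ".com", ".net"]

# URL from the original report (trailing sentence period dropped).
URL = ("http://mis3.home.company/inhouse/common/login.asp"
       "?goto=/inhouse/leave/Default.asp&fnum")


def url_path(url):
    """Part of the URL a urlpath_regex acl sees: path plus query, no scheme or host."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def urlpath_regex_hits(patterns, url):
    """Model of urlpath_regex: unanchored, case-sensitive search of the URL path.

    Returns (pattern, matched_text) for every pattern that fires.
    """
    path = url_path(url)
    hits = []
    for pat in patterns:
        m = re.search(pat, path)
        if m:
            hits.append((pat, m.group(0)))
    return hits


def dstdomain_match(entries, url):
    """Simplified model of dstdomain: compares the host name only.

    A leading dot matches the domain and its subdomains; no dot means exact host.
    """
    host = (urlsplit(url).hostname or "").lower()
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


if __name__ == "__main__":
    # The unescaped dot in ".com" matches the "/" in "/common".
    print(urlpath_regex_hits(BANDOMAIN_PATTERNS, URL))
    # A host-based acl (constructed entry) leaves the intranet server alone.
    print(dstdomain_match([".banned.example"], URL))
```

Escaping the dot (`\.com`) stops this particular false match, but the pattern is still tested against the path rather than the host, so it does not ban domains.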