Our company has a proxy server running on RH8.0. My job is to setup a
second proxy server that will be acting as a primary proxy for another
location. The OS I am using is CentOS 4.1, which came loaded with
squid-2.5.STABLE6-3.4E.5.
I copied the ACLs from the production proxy server. I am in the process of
trying to see if everything is working properly, but it seems the squid.conf
is not reading the users.txt, powerusers.txt, or anything with the acl
[name] proxy_auth "" configuration. I am able to get to sites listed in the
whitelist.txt. Outside of that, I cannot go anywhere (such as
www.google.com). The production server allows this. I added .google.com to
the whitelist.txt on the machine I am trying to setup, and then it works,
but I do not understand why it is not working without being in the
whitelist.txt. Below are my squid.conf acl settings. The part I thought
would allow me to access google or other not whitelist.txt sites (other than
blacklist, and sites for powerusers) was the acl AuthLimitedUsers proxy_auth
REQUIRED
What am I missing?
---------------------------------------------------
acl DoNotCacheWebSites dstdomain "/etc/squid/rules/donotcachewebsites.txt"
acl Freemarkets dstdomain .freemarkets.com
acl MyTextron dstdomain .mytextron.com
acl WComNet dstdomain .wcom.net
acl Corrlink dstdomain .weyerhaeuser.com
acl SchwabPlan dstdomain .schwabplan.com
acl LindWaldock dstdomain .lind-waldock.com
acl BrownListWebsites dstdomain "/etc/squid/rules/brownlist.txt"
acl BlackListWebsites dstdomain "/etc/squid/rules/blacklist.txt"
acl BlackListIpAddresses dst "/etc/squid/rules/blacklistipaddr.txt"
acl BlackListIpAddress1 dst 64.73.35.120
acl OpenAccessWhiteListWebsites dstdomain
"/etc/squid/rules/openaccesswhitelist.txt"
acl OpenAccessWhiteListIpAddresses dst
"/etc/squid/rules/openaccesswhitelistipaddr.txt"
acl WhiteListWebsites dstdomain "/etc/squid/rules/whitelist.txt"
acl WhiteListIPAddresses dst "/etc/squid/rules/whiteipaddr.txt"
acl AuthLimitedUsers proxy_auth REQUIRED
acl AuthPowerUsers proxy_auth "/etc/squid/rules/powerusers.txt"
acl AuthIPAddresses src "/etc/squid/rules/poweripaddresses.txt"
acl AuthSafeAccessUsers proxy_auth "/etc/squid/rules/users.txt"
acl OverRideBrownListUsers proxy_auth "/etc/squid/rules/ovrdbrownlist.txt"
#http_access allow manager all
http_access allow manager our_networks
#http_access allow all open_for_ip_address
http_access allow all Freemarkets
http_access allow all MyTextron
http_access allow all Corrlink
http_access allow all SchwabPlan
http_access allow all WcomNet
http_access allow all LindWaldock
http_access allow all AuthSafeAccessUsers
http_access allow all AuthPowerUsers
http_access allow all AuthIPAddresses
http_access allow all OpenAccessWhiteListWebsites
http_access allow all OpenAccessWhiteListIpAddresses
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow BrownListWebsites OverRideBrownListUsers
http_access deny all BrownListWebsites
http_access deny all BlackListWebsites
http_access deny all BlackListIpAddresses
http_access deny all BlackListIpAddress1
#http_access allow all AuthSafeAccessUsers
http_access allow WhiteListWebsites AuthLimitedUsers
http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access deny all
--------------------------------------------------------
Received on Tue Sep 27 2005 - 10:12:05 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT