[squid-users] Apache ProxyPass -> Squid -> Zope but TCP_DENIED/403

This is getting frustrating. I've set up Apache with ProxyPass to
redirect all requests of mobile.peterbe.com -> Squid (with squidGuard)
-> Zope.
The requests seem to reach Zope if I look at the log file but they are
all HTTP 1.1 403 and the users who go to mobile.peterbe.com see a
squid error message page where it says Access Denied.

I don't care to use Squid for proxying outbound access. Only as a http
accelerator to speed up cachable web pages.

Before, when I was proxypassing from Apache into Zope everything was
working fine. Now I want to add Squid to improve performance.

Apache runs on 80
Squid runs on 3128
Zope runs on 9080

The /var/log/squid/access.log spits out stuff like this:
1150291833.853 0 127.0.0.1 TCP_DENIED/403 1572 GET
http://80.68.212.7:3128/VirtualHostBase/http/mobile.peterbe.com:80/www/VirtualHostRoot/plog/better-select-boxes
- NONE/- text/html

My apache2 stanza looks like this:
<VirtualHost 80.68.212.7>
  ServerAdmin mail@peterbe.com
  ServerName mobile.peterbe.com

  ProxyPass / http://localhost:3128/VirtualHostBase/http/mobile.peterbe.com:80/$
  ProxyPassReverse / http://localhost:3128/VirtualHostBase/http/mobile.peterbe.$
  ProxyPass /misc_ http://localhost:3128/misc_
  ProxyPass /p_ http://localhost:3128/p_
  ErrorLog /var/log/apache2/mobile.peterbe.error_log
  CustomLog /var/log/apache2/mobile.peterbe.access_log combined
</VirtualHost>

My squid.conf looks like this (strippped down and sorted):

acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 9080 # zope
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl my_ip src 80.68.212.7
acl purge method PURGE
acl to_localhost dst 127.0.0.0/8
auth_param basic casesensitive off
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic realm Squid proxy-caching web server
cache_dir aufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
hierarchy_stoplist cgi-bin ?
hosts_file /etc/hosts
http_access allow localhost
http_access allow manager localhost
http_access allow my_ip
http_access allow purge localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_access deny manager
http_access deny purge
http_port 3128
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 0
icp_access allow all
no_cache deny QUERY
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
visible_hostname www.peterbe.com

My squidGuard.conf looks like this:
acl {
        default {
                redirect http://localhost:9080/%p
        }
}

I can give more info but I don't know what matters to anybody who can help me.

-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com