RE: [squid-users] Access denied - ACL problem

I got a bit further. I added web server host entry in my ACL:
acl servernameHost dstdomain servername

Then I added
http_access allow servernameHost before the deny_all.
That still didn't work. Then I thought It had something to do with the
Safe_Ports. The server accepts access on port 81, but it is not in the
safe ports list.

So I moved the servernameHost acl before the !Safe_ports acl and now I
get a new error.

=============================================================
While trying to retrieve the URL: http://servername:81/dashboard

The following error was encountered:

    Unable to determine IP address from host name for yaserver

The dnsserver returned:

    Server Failure: The name server was unable to process this query.

This means that:

 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.
=============================================================

Resolv.conf on my squid server does point to my internal DNS server and
I do have PTR and HOST records for servername.
Our dns is on a windows 2000 server with AD. Our squid proxy runs on a
linux box in the same subnet, but the local "servername" is on a
different subnet.

As I stated before, if I disable the proxy in the browser settings,
access works fine.
Also if I try to ping servername from the squid box, I get an unknown
host error.
But I can successfully ping servername.domain.local.

I know it might sound like a DNS issue, but I am only having the issue
when squid is added to the formula.

Any thoughts?

-----Original Message-----
From: Nabin Limbu [mailto:nlimbu@healthnet.org.np]
Sent: Wednesday, August 29, 2007 12:41 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Access denied - ACL problem

In squid.conf,

BEFORE the line "http_access deny all" add below 2 lines

acl mynetwork <yournetworkaddress>
http_access allow mynetwork

reload squid configuration.

Regards
Nabin Limbu

> I am new to squid so please bear with me.
> I have an internal server that runs a helpdesk application and should
> allow users to access it using the computer name as the url on port
81.
> I have added a PTR record in our internal DNS server to point
> "servername" to the correct ip address.
>
> http://servername:81
>
> However, squid is displaying the following error.
> +++++++++++++++++++++++++++++++++
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://servername:81/dashboard
>
> The following error was encountered:
>
> * Access Denied.
>
> Access control configuration prevents your request from being
> allowed at this time. Please contact your service provider if you feel

> this is incorrect.
>
> Your cache administrator is webmaster.
> Generated Wed, 29 Aug 2007 16:40:50 GMT by sentinal
> (squid/2.5.STABLE12)
>
> +++++++++++++++++++++++++++++++++
>
> I can access this if I disable my proxy settings in the browser.
> Can anyone tell me how to correct this.
>
>
> This email and any files transmitted with it are intended solely for
> the use of the individual (squid-users@squid-cache.org) or entity
> addressed at squid-users@squid-cache.org. If you have received this
> email in error please notify the system manager. Please note that any
> views or opinions presented in this email are solely those of the
> author and do not necessarily represent those of the company.

This email and any files transmitted with it are intended solely for the use of the individual (recipient) or entity addressed at recipient. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.
Received on Wed Aug 29 2007 - 13:36:07 MDT