Re: [squid-users] Getting error msgs when trying to start squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 21 Apr 2009 14:36:11 +1200 (NZST)

> Amos Jeffries-2 wrote:
>>
>> FYI:
>> The squid wiki http://wiki.squid-cache.org has the authoritative current
>> information and how-tos.
>>
>> The config manual http://www.squid-cache.org/Doc/config has the
>> authoritative content on all options since Squid-2.5, what they do and
>> where they are available.
>>
>> What do you mean by "proxy + cache for http"? None of those words'
>> meanings, individually or together, match the httpd_accel config
>> options' meaning.
>>
>> Your config as posted shows:
>> A regular forward proxy listening on port 3128 and only allowing
>> traffic from localhost (aka IP 127.0.0.1) through to the internet.
>> Some extension HTTP methods have been added to allow SVN to work through
>> the proxy.
>> Port security has been updated to allow rsync, cups and SWAT protocols
>> to be sent over standard HTTP, and rsync, snews over CONNECT tunnel
>> requests.
>> The proxy sits in a private network of 192.168.2.0/24, though the
>> network hosts are not allowed to use it.
>>
>> What do you need to add/alter from that?
>>
>> Amos
>>
>
> Amos, I probably don't need most of these rules that came with squid. For
> now I only want to get squid to work, speeding up the http browsing and
> giving total access to the internet to the network clients.
>
> I have made a few changes to squid.conf based on what you told me, but
> proxy still doesn't work. http://www.nabble.com/file/p23137693/squid.conf
>
> Would you suggest a different setup for me to use?

I'm scratching my head over what access problems you are getting trying to
use that proxy. It's almost completely open for any type of access, from
any source (not good, but understandable how you got there).

You may need to add "http_reply_access allow all". Note: it's _replies_
that are always allowed, not http_access.

Which leads to two points on the config:

 acl localhost src 192.168.2.5 # 192.168.2.5 Server IP, 192.168.2.1 Modem IP

"localhost" is a special term used in networking to mean the IPs 127.0.0.1
and sometimes ::1 as well. When defining an ACL for 'public' squid box IPs
it's better to use a different name. The localnet definition covers the
same public IPs anyway so redefining it is not a help here.

  http_access allow all

This opens the proxy to access from any source on the internet at all.
Zero inbound security. Not good for a long-term solution. I'd suggest
testing with that as a "deny all" to make sure we don't get a
false-success.


Amos
Received on Tue Apr 21 2009 - 01:36:10 MDT
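
Added example, not part of the original message and not Squid's own code: a small Python check for the two squid.conf points raised above (an ACL named "localhost" holding a non-loopback address, and an "http_access allow all" rule that shadows everything after it, since http_access rules are matched top-down and the first match decides). Both sample configurations are constructed, and the "allow localnet" line in the corrected one is an assumption about the intended policy.

```python
import ipaddress

# Constructed sample reproducing the two lines discussed in the message.
SAMPLE_WEAK = """\
acl localnet src 192.168.2.0/24
acl localhost src 192.168.2.5   # 192.168.2.5 Server IP
http_access allow all
http_access deny all
"""

# Constructed corrected variant (assumed policy: only the LAN may use the proxy).
SAMPLE_FIXED = """\
acl localnet src 192.168.2.0/24
http_access allow localnet
http_access deny all
"""

def audit(conf_text):
    """Return a list of (line_number, finding) tuples for a squid.conf string."""
    findings = []
    open_rule_line = None  # line of the first "http_access allow all", if any
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "src":
            if tokens[1] != "localhost":
                continue
            for value in tokens[3:]:
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    continue  # address ranges and file includes are not handled here
                if not net.is_loopback:
                    findings.append((no, f"acl 'localhost' holds non-loopback address {value}"))
        elif tokens[0] == "http_access":
            if open_rule_line is not None:
                # First match wins, so nothing after "allow all" is ever evaluated.
                findings.append((no, f"unreachable: shadowed by 'allow all' on line {open_rule_line}"))
            elif tokens[1:] == ["allow", "all"]:
                open_rule_line = no
                findings.append((no, "http_access allow all: proxy open to any source"))
    return findings

if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE_WEAK):
        print(f"line {line_no}: {msg}")
```
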
