Re: [squid-users] Time-based oddity that I can't quite nail down...

From: Kurt Buff <kurt.buff_at_gmail.com>
Date: Fri, 13 Nov 2009 18:23:11 -0800

On Thu, Nov 12, 2009 at 16:49, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> The squidclient tool fits into the niche gap between telnet and lynx.
> Allowing a simple input of the request URL and optional other details and
> producing a dump of the results. It has no large dependencies.
>
> To test through the proxy:
>  squidclient http://example.com/
>
> To test without proxy:
>  squidclient -h example.com -p 80 /

I am unable to perform the test as described. I seem to have a
configuration issue in Squid, as I get the error output listed below
when trying issuing, for example, 'squidclient http://www.example.com'
- but 'squidclient -h example.com -p 80 /' works just fine. I'm not
sure what to change in squid.conf to fix this. The IP address of the
is in the 192.168.8.0/24 subnet, if that matters.

Kurt

-----------Begin Error Snippet-----------
squidclient http://www.cnn.com
HTTP/1.0 403 Forbidden
Server: squid/3.0.STABLE19
Mime-Version: 1.0
Date: Sat, 14 Nov 2009 01:56:21 GMT
Content-Type: text/html
Content-Length: 1353
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from zsquid2.mycompany.com
Via: 1.0 zsquid2.zetron.com (squid/3.0.STABLE19)
Proxy-Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></style>
</head><body>
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
<hr>
<p>The following error was encountered while trying to retrieve the
URL: http://www.cnn.com</p>

<blockquote>
<p><b>Access Denied.</b></p>
</blockquote>

<p>Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you
feel this is incorrect.</p>
-----------End Error Snippet-----------

----------Begin Squid.conf-----------
http_port 3128
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_mem 1536 MB
cache_dir aufs /squid 54476 512 1024

logformat combined %>a %>A %<A [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss

access_log syslog combined
access_log /usr/local/squid/logs/access.log combined
logfile_rotate 90

acl QUERY urlpath_regex cgi-bin \?
# acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8 192.168.8.0/24 192.168.10.0/24
192.168.11.0/24 192.168.12.0/24 192.168.13.0/24 192.168.15.0/24
192.168.24.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Header_access lines below added to alleviate issue with downloading PDFs
# 2009-05-12
request_header_access Unless-Modified-Since deny all
request_header_access Translate deny all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access deny all
http_reply_access allow all
http_access allow localnet
http_access deny all

# MSN Messenger

acl msn urlpath_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type application/x-msn-messenger

http_access allow msnd
http_access allow msn
http_access allow msn1

icp_access allow localnet
icp_access deny all

htcp_access allow localnet
htcp_access deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname zsquid2.mycompany.com
icp_port 3130
coredump_dir /usr/local/squid/cache
----------End Squid.conf----------
Received on Sat Nov 14 2009 - 02:23:19 MST

This archive was generated by hypermail 2.2.0 : Sat Nov 14 2009 - 12:00:02 MST