Re: [squid-users] Help with accelerated site

Hello Amos,
Thanks for your reply and suggestion

I have just done what you suggested and I still couldn't access the internet
from my local network
I completely removed "our_network" and the relevant http_access etc..
But couldn't access the internet

After that I did the following

added and http_port 8080
to the config and up my clients could access the internet and I can still
access my backend server from the internet
So normally everything is working fine

I am not sure it's being wise to make squid listen on more than one port,
I'll keep a closer eye on it and see what will happen in the next day or
two.
Anyway this for the benefit of anybody who find themselves in the same or
similar situation
if you're forced to use http_port 3128 vhost (in order to access your sites
from outside i.e Internet)
This is if your sites are on the same webserver on a virtual host

you can use the following
http_port 3128 vhost
http_port 8080 or whatever you want to use for your clients and then simply
configure your clients to use that port

I just want to thank everyone here who tried to help

Best regards
Adam
----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: <squid-users_at_squid-cache.org>
Sent: Monday, March 29, 2010 12:12 AM
Subject: Re: [squid-users] Help with accelerated site

> On Sun, 28 Mar 2010 23:37:38 +0100, "Adam_at_Gmail" <adbasque_at_googlemail.com>
> wrote:
>> Hi Ron thanks again for your reply
>> No I think you're a little confused here
>> I have one network at the moment and is the 192.168.1.0
>>
>> My Router and proxy are both on the same machine which is 192.168.1.4
>> My backend server is on 192.168.1.3
>> Two different machines but on the same network
>>
>> However if I use this
>>
>> http_port 80 accel vhost defaultsite=www.mysite.org
>> cache_peer 192.168.1.3 parent 81 originserver name=whatever
>> But the probleme is elsewhere because if I use
>> http_port 3128 vhost I can access my website both from inside my network
>> and
>> from the internet
>> If I use
>> http_port 3128 without the vhost my network clients can access the
>> "Internet" but I can't access my websites (backend server)
>> This is the situation right now.
>
> Right. Okay. STOP touching the reverse-proxy parts of the config.
> You have them working.
>
> "http_port 3128" should stay with no other special flags.
>
>
> In the config you posted earlier you had these lines:
>
> acl localnet src 10.0.0.0/8
> acl localnet src 172.16.0.0/12
> acl our_network 192.168.1.0/24
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access allow localnet
> http_access deny all
>
> http_access allow our_network
> http_access deny all
>
>
> If you read them top to bottom the way Squid reads them you will clearly
> see that you have a "deny all" right in the middle. This does exactly what
> it says denies ALL access to things which are not permitted above it.
>
> You need to remove the "our_network" ACL completely and adjust the
> "localnet" ACL as per the default config instructions so that it only
> specifies your internal LAN IP address range(s).
>
> Amos
Received on Sun Mar 28 2010 - 23:39:57 MDT