Re: [squid-users] Help with accelerated site

From: <Adam_at_Gmail>
Date: Mon, 29 Mar 2010 02:50:47 +0100

Hi Hassan,
Thanks for your suggestion, I just did that about 10 times already lol
I started from scratch, the one I have right now is basically a default
config with few changes
I can easily remove them, but with the default config there was no way I
could access my sites
the only thing it did allow was the access to the internet for network
clients

I will double check what Amos has suggested once again and see if I hadn't
missed anything

Regards
Adam

----- Original Message -----
From: "Nyamul Hassan" <mnhassan_at_usa.net>
To: "Squid Users" <squid-users_at_squid-cache.org>
Sent: Monday, March 29, 2010 1:32 AM
Subject: Re: [squid-users] Help with accelerated site

At this point, the best suggestion that I can provide to Adam is to
remove the existing config, and re-instate the default config that
came with Squid. Then, start from there. No need to define
custom ACLs, make everything accessible at first. Just concentrate on
making the FWD + REV configs working, then moving to ACLs.

Regards
HASSAN

On Mon, Mar 29, 2010 at 6:22 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On Mon, 29 Mar 2010 00:39:40 +0100, "Adam_at_Gmail" <adbasque_at_googlemail.com>
> wrote:
>> Hello Amos,
>> Thanks for your reply and suggestion
>>
>> I have just done what you suggested and I still couldn't access the
>> internet
>> from my local network
>> I completely removed "our_network" and the relevant http_access etc..
>> But couldn't access the internet
>>
>
> Part #1 of my sentence (cleaning out config garbage) completed.
>
> "You need to remove the "our_network" ACL completely"
>
> Part #2 of my sentence (how to enable access) apparently ignored.
>
> ... " and adjust the "localnet" ACL as per the default config
> instructions so that it only specifies your internal LAN IP address
> range(s)."
>
>
> Instead you went on and made up your own approach which complicates your
> setup A LOT and now requires you to juggle many other software
> configurations as well to make them all match the fancy squid.conf ...
>
>
>>
>> After that I did the following
>>
>> added an http_port 8080
>> to the config and up my clients could access the internet and I can still
>> access my backend server from the internet
>> So normally everything is working fine
>
> 100% sure about that?
>
> What is your public website name?
>
>
>>
>> I am not sure it's being wise to make squid listen on more than one port,
>
> ... not sure it's _wise_ ?!
>
> It's REQUIRED for safe security to run a different port for each type of
> input the proxy receives. When doing so firewall and squid.conf rules
> become very easy to understand and get correct without causing security
> breaches by accidental misconfiguration.
>
> What we have been trying to get you to do is properly setup "http_port 80
> accel vhost" to receive reverse-proxy mode traffic (public website) and
> "http_port 3128" to receive forward-proxy mode traffic (your LAN).
>
>
>> I'll keep a closer eye on it and see what will happen in the next day or
>> two.
>> Anyway this for the benefit of anybody who finds themselves in the same or
>> similar situation
>> if you're forced to use http_port 3128 vhost (in order to access your
>> sites
>> from outside i.e. Internet)
>> This is if your sites are on the same webserver on a virtual host
>
> Nobody is ever forced to do this by Squid. You are no exception.
>
> Amos
>
>
Received on Mon Mar 29 2010 - 01:51:03 MDT
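
The two-port layout Amos describes in the quoted reply, written out as an added squid.conf sketch; it is not part of the original thread or anyone's actual configuration. The site name, backend address and LAN range are placeholders (assumptions), and the commented-out line shows the mixed setup from the thread for comparison.

```conf
# Constructed example: www.example.com, 192.0.2.10 and 192.168.1.0/24 are
# placeholders, not values from the thread.

# Mixed setup discussed in the thread: one port receives both LAN browsing
# and public website traffic, so one rule set has to cover both.
# http_port 3128 vhost

# Separated setup: one listening port per type of input.
# Reverse-proxy mode traffic (public website):
http_port 80 accel vhost defaultsite=www.example.com
# Forward-proxy mode traffic (your LAN):
http_port 3128

# Reverse proxy side: pass requests for the hosted site to the backend server.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend
acl our_sites dstdomain www.example.com
cache_peer_access backend allow our_sites
cache_peer_access backend deny all

# Forward proxy side: "localnet" lists only the internal LAN range(s),
# as the default config instructs.
acl localnet src 192.168.1.0/24

# Access rules: the hosted site for anyone, everything else for the LAN only.
http_access allow our_sites
http_access allow localnet
http_access deny all

# Firewall side (outside squid.conf): expose port 80 to the Internet and
# allow port 3128 from the LAN only.
```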
