RE: [squid-users] Squid is unable to connect to local webservers

From: Johnson, S <sjohnson_at_edina.k12.mn.us>
Date: Thu, 8 Apr 2010 10:00:44 -0500

Another piece of information I just discovered... I use a wpad.dat file to assign the proxy to users. It works just fine except for the local servers. However, when I force the connection in the browser to the proxy with 8080 (dansguardian) then I can get to my local web servers.

-----Original Message-----
From: Johnson, S [mailto:sjohnson_at_edina.k12.mn.us]
Sent: Thursday, April 08, 2010 9:50 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Squid is unable to connect to local webservers

I've got a squid proxy running in transparent mode with an AUP on a "public" wireless network which is separated from our private network.  We run a local webserver here and found that users get the AUP and cannot click past it when attempting to get to the local web server.

Without using the proxy I can connect just fine to the web server from the squid server so I know they can see each other.

Everything else works great.

I tried setting up an ACL with localweb (seen in the config below) but that didn't allow it through.

Weird thing is that when I try hitting the local web server, I don't see anything in the squid access.log file which makes me believe that squid isn't even seeing the traffic for some reason.

squid config:

# Credentials past their TTL are removed from memory
#authenticate_ttl 0 seconds

#  TAG: acl
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl to_localbox dst 192.168.80.5/32
acl localweb dst 84.8.132.1/32

follow_x_forwarded_for allow localhost
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on

external_acl_type session ttl=300 children=1 negative_ttl=0  concurrency=200 %SRC /usr/lib/squid/squid_session -t 1800

acl session external session

acl localnet src 192.168.80.0/23 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
http_access allow localweb
http_access allow to_localbox
deny_info http://192.168.80.5/index.php?url=%s session
http_access allow session
http_access allow SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !session
http_access deny !Safe_ports

Received on Thu Apr 08 2010 - 15:00:46 MDT
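
As an added example (not part of the original message and not Squid's own code), the Python model below walks the posted http_access lines in order, first match wins, for a few constructed requests. It assumes the destination is already an IP address and reduces the session helper to a has_session flag; the names evaluate, request and has_session are hypothetical.

```python
import ipaddress

# ACL definitions copied from the posted config (only those http_access uses).
DST = {"localweb": "84.8.132.1/32", "to_localbox": "192.168.80.5/32"}
PORTS = {
    "SSL_ports": [(443, 443)],
    "Safe_ports": [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                   (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)],
}
# http_access lines in the posted order: (action, ACLs ANDed together).
RULES = [
    ("allow", ["localweb"]),
    ("allow", ["to_localbox"]),
    ("allow", ["session"]),
    ("allow", ["SSL_ports"]),
    ("allow", ["CONNECT", "SSL_ports"]),
    ("deny", ["!session"]),      # the deny_info URL for ACL "session" applies to this line
    ("deny", ["!Safe_ports"]),
]

def acl_matches(name, req):
    """Evaluate one ACL against a request dict (assumed model, not Squid code)."""
    if name in DST:
        return ipaddress.ip_address(req["dst"]) in ipaddress.ip_network(DST[name])
    if name in PORTS:
        return any(lo <= req["port"] <= hi for lo, hi in PORTS[name])
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name == "session":
        return req["has_session"]  # stands in for the squid_session helper's answer
    raise KeyError(name)

def evaluate(req):
    """Return (action, 1-based line number) of the first http_access line that matches."""
    for number, (action, acls) in enumerate(RULES, 1):
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if RULES[-1][0] == "deny" else "deny"), None

def request(dst, port, method="GET", has_session=False):
    return {"dst": dst, "port": port, "method": method, "has_session": has_session}

if __name__ == "__main__":
    # Constructed requests; 203.0.113.10 is a documentation address, not from the post.
    for req in (request("84.8.132.1", 80), request("203.0.113.10", 80),
                request("203.0.113.10", 443), request("203.0.113.10", 80, has_session=True)):
        print(req, "->", evaluate(req))
```

Under this model a request for 84.8.132.1 that reaches Squid is allowed by the first line without a session, and a sessionless request to port 443 is allowed by the fourth line before the `deny !session` line is consulted.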
