[squid-users] Squid3 on ubuntu 10.4 problem using acl whitelist in external file from MM Gillon on 2010-05-24 (squid-users)

From: MM Gillon <margaretgi_at_yahoo.com>
Date: Mon, 24 May 2010 11:44:06 -0700 (PDT)

First I am new at working with networks. Most of the IT staff were downsized last year including the administrator. I am a database programmer. I like ubuntu and have an ubuntu database server. I am trying to use an ubuntu server as a squid proxy so that Windows workstations on a manufacturing floor can only go to company web sites on a whitelist. I am manually configuring the workstations to go to this proxy server. Squid3 loads okay without error messages. I know it is seeing the whitelist.txt file because I get an error if the file is not present. However SQUID will not allow any addresses to load even those in the white list. Below is my squid.conf and my whitelist.txt file. The message in the Squid log is below. The message on the browser screen confirms that squid is blocking the address. I tried the same software and configuration on ubuntu 8.04 and had the same issues. Thank you.

1274724540.610 193 192.168.100.9 TCP_DENIED/403 2710 GET http://www.unicef.org/ - NONE/- text/html

#whitelist.txt
.gov
.sheepguardingllama.com
.org
.chromalloy.com

#squid.conf
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.100.0/255.255.255.0, 192.168.101.0/255.255.255.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny to_localhost
icp_access deny all
htcp_access deny all

http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid

#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

acl whitelist dstdomain "/etc/squid3/whitelist.txt"

http_access deny !localnet
http_access deny !whitelist
http_access deny all
Received on Mon May 24 2010 - 18:44:13 MDT

This archive was generated by hypermail 2.2.0 : Tue May 25 2010 - 12:00:06 MDT