Re: [squid-users] Adding WAN IP address to SQUID.CONF so users can run .net program

Hi Amos,

Even if I do not use the IP address the .services.chromalloy.local is
being blocked.

Adding the IP to this line
acl localServices dstdomain .services.chromalloy.local 192.168.3.42

did not fix anything. Both addresses are blocked.

****************** access.log
1316025786.929 25 192.168.100.19 TCP_DENIED/403 2419 GET
http://192.168.3.42/ - NONE/- text/html
1316025789.582 0 192.168.100.19 TCP_DENIED/403 2227 GET
http://192.168.3.42/ - NONE/- text/html
1316025793.845 0 192.168.100.19 TCP_DENIED/403 2475 GET
http://services.chromalloy.local:8888/ - NONE/- text/html
1316025796.746 0 192.168.100.19 TCP_DENIED/403 2283 GET
http://services.chromalloy.local:8888/ - NONE/- text/html

Thank you, Margaret

My config file:
****************************************************************************************
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.100.0/24 192.168.101.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8888 # cnv virtual cage

acl CONNECT method CONNECT

#2011-09-13 from squid-cache maillist, Amos Jeffries
cache_peer 192.168.3.42 parent 8888 0 originserver no-query name=services
acl localServices dstdomain .services.chromalloy.local 192.168.3.42
cache_peer_access services allow localServices
cache_peer_access services deny all
http_access allow localnet localServices

http_access allow manager SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny to_localhost
icp_access deny all
htcp_access deny all

http_port 3128
access_log /var/log/squid3/access.log squid

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

acl whitelist dstdomain "/etc/squid3/whitelist.txt"

# Allow localnet machines to whitelisted sites
http_access allow localnet whitelist

# block all other access
http_access deny all

****************************************************************************************

"This e-mail message and any attachment(s) are for the sole use of the
intended recipient(s) and may contain company proprietary, privileged or
confidential information. If you are not the intended recipient(s), please
contact the sender by reply e-mail, advise them of the error and destroy
this message and its attachments as well as any copies. The review, use or
distribution of this message or its content by anyone other than the
intended recipient or senior management of the company is strictly
prohibited."
Received on Wed Sep 14 2011 - 18:45:26 MDT