[squid-users] http access to non-standard port e.g. 8080

From: Jiří Rotter <jirka_at_radobyl.eu>
Date: Tue, 03 Apr 2012 15:42:02 +0200

Hello people,

After a few hours of searching I am forced to ask, because I haven't found an
answer. Maybe that is because port 8080 is commonly used for the proxy itself.

But the problem is "simple". Clients behind the proxy can't reach any site
on a non-standard port (8080 for example). Every time, the browser says "ERROR,
the requested URL could not be retrieved" with (111) Connection refused.

I am using Squid3 on SLES.

In the access log I see only
TCP_MISS/503 4621 GET
http://o6.nyx.cz:8080/pulse/nyxMUTANTIKf8d715ba1ff5b0f9941495f42f62de51/nyxtopic11879
<USER> DIRECT/62.24.64.52 text/html

There is no difference between an authenticated user and a user using a direct connection.
Even with "http_access allow all" the result is the same.

I don't think it is necessary to post the config, but just to be complete:

# ACL definitions: named match conditions that the http_access rules further down combine.
acl all src all
# Cache-manager requests (cache_object protocol); the rules below allow them from localhost only.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Defined here but not referenced by any rule visible in this post (the included files may use it).
acl to_localhost dst 127.0.0.0/8
# RFC 1918 private ranges treated as the local network; in the visible rules only icp_access uses this.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
# Destination ports to which CONNECT tunnels are permitted (see the CONNECT rule below).
# NOTE(review): 1494 and 2598 are not HTTPS ports - presumably Citrix ICA / session reliability;
# confirm they are still needed, since every port listed here can be tunnelled through the proxy.
acl SSL_ports port 443
acl SSL_ports port 1494
acl SSL_ports port 2598
# Destination ports the proxy is allowed to contact at all.
# 8080 already falls inside the 1025-65535 range below, so this entry is redundant.
acl Safe_ports port 8080
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
# Instant-messaging destination ports; used only as an exception in the CONNECT rule below.
acl IM port 5222
acl IM port 5190
acl IM port 1533
acl CONNECT method CONNECT
# Reply-header ACLs; neither is used by an active rule in this post (the only user is commented out).
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
acl apache rep_header Server ^Apache

#broken_vary_encoding allow apache

# http_access rules are evaluated top to bottom; the first line whose ACLs all match decides.
http_access allow manager localhost
http_access deny manager
# Refuse any destination port outside Safe_ports. Port 8080 passes this rule.
# NOTE(review): a request refused by these rules is logged as TCP_DENIED; the TCP_MISS/503 ...
# DIRECT/<ip> line quoted in the post indicates the request was allowed and the failure happened
# on the outbound connection from the proxy host - check egress filtering and the origin, not the ACLs.
http_access deny !Safe_ports
# ACLs on one line are ANDed: CONNECT is refused only when the port is in neither SSL_ports nor IM,
# so tunnels to the IM ports (5222, 5190, 1533) are allowed in addition to the SSL_ports list.
http_access deny CONNECT !SSL_ports !IM

# Requests originating on the proxy host itself are allowed here, before any authentication rule.
http_access allow localhost

# NTLM authentication through the ntlm_auth helper.
# NOTE(review): the helper option on the following line appears to have been wrapped by the mail
# client; in squid.conf it has to sit on the same line as "auth_param ntlm program".
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

# Negotiate (Kerberos) authentication. Two "program" lines are given for the same scheme.
# NOTE(review): presumably only one of them takes effect - confirm which helper is intended and
# remove the other. -d presumably enables helper debug output; confirm it is wanted in production.
auth_param negotiate program /usr/sbin/negotiate_kerb_auth -d -s
GSS_C_NO_NAME
auth_param negotiate program /usr/sbin/squid_kerb_auth -d
auth_param negotiate children 30
auth_param negotiate keep_alive on

# Basic authentication, also validated through ntlm_auth (option again wrapped onto its own line).
# NOTE(review): Basic sends the password base64-encoded, not encrypted, with every request; the
# listener in this config is plain "http_port 3128", so the credentials are readable on the wire
# between client and proxy. Consider offering it only where NTLM/Negotiate cannot be used.
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 30
auth_param basic realm <REALM>
# A validated username/password pair is trusted for 2 hours before the helper is asked again.
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Housekeeping for Squid's cache of authenticated users.
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 0 seconds

# Matches any request carrying valid proxy credentials from one of the schemes above.
acl AuthorizedUsers proxy_auth REQUIRED

# External group-membership helper keyed on the login name (script path wrapped onto the next line).
# ttl=3600: answers are cached for an hour, so removing a user from a group takes up to that long
# to be reflected in access decisions.
external_acl_type group ttl=3600 children=5 %LOGIN
/usr/sbin/wbinfo_group.pl

# Site-specific ACL definitions and rules are pulled in at this point, i.e. before the final
# allow/deny below. Their contents are not part of this post and cannot be reviewed from here.
include /etc/squid/acl/definice/*.acl
include /etc/squid/acl/pravidla/*.acl

access_log /var/log/squid/access.log squid

# "all" matches every source address, so this allows any authenticated user from any client.
# NOTE(review): there is no localnet restriction on this line; if port 3128 is reachable from
# outside the internal ranges, any valid account can use the proxy - confirm the listener is
# firewalled or add a source ACL.
http_access allow all AuthorizedUsers

# Default deny for everything not allowed above.
http_access deny all

# "premium" is not defined in the visible config; presumably it comes from the included files.
# NOTE(review): if log_access is evaluated first-match like http_access, "allow all" matches every
# request and the deny line never applies - confirm the intended order. If the deny does apply,
# requests matching "premium" leave no access-log record, which is a gap in the audit trail.
log_access allow all
log_access deny premium

#==== DON'T TOUCH BELOW !!! ===========

# ICP (inter-cache) queries are answered for the private ranges in localnet only.
icp_access allow localnet
icp_access deny all

ignore_expect_100 on

# Client-facing listener. No address is given, so Squid listens on port 3128 on every interface;
# restricting who can reach it is left to http_access and to any firewall in front of the host.
http_port 3128

# URLs containing these strings are fetched directly rather than through a cache peer.
hierarchy_stoplist cgi-bin ?

# In-memory object cache size and eviction policies (least recently used for memory and disk).
cache_mem 40 MB

memory_replacement_policy lru

cache_replacement_policy lru

# On-disk cache: ufs store under /var/cache/squid, 10000 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/cache/squid 10000 16 256

# Only objects between these sizes are stored on disk.
minimum_object_size 0 KB

maximum_object_size 4096 KB

# Disk-usage percentages between which cache eviction operates.
cache_swap_low 90
cache_swap_high 95

# cache.log is where Squid reports its own errors; outbound connection failures such as the
# (111) Connection refused described in the post are worth checking here as well as in access.log.
cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

# Keep Squid's native access-log format rather than the httpd-style one.
emulate_httpd_log off

ftp_passive on

# Freshness rules: regex, minimum age (minutes), percent of object age, maximum age (minutes).
# Dynamic URLs (cgi-bin or containing "?") are never treated as fresh.
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

# Upper bound on waiting for an outbound TCP connection to be established.
connect_timeout 2 minutes

client_lifetime 1 days

# Administrator contact shown on error pages (redacted in the post).
cache_mgr <email>

error_directory /etc/squid/errors

coredump_dir /var/cache/squid

Jirka
Received on Tue Apr 03 2012 - 13:42:11 MDT
