Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

From: Leslie Jensen <leslie_at_eskk.nu>
Date: Fri, 23 Nov 2012 08:07:31 +0100

Amos Jeffries wrote 2012-11-23 03:14:
> On 23/11/2012 11:45 a.m., Eliezer Croitoru wrote:
>> The basic thing is to know the IP address of the client since you are
>> allowing only specific number of IP addresses to use the proxy.
>> You can send it to me on my private mail and just the relevant
>> "denied" lines are what I need.
>>
>> Regards,
>> Eliezer
>>
>> On 11/22/2012 4:41 PM, Leslie Jensen wrote:
>>>
>>>
>>> Eliezer Croitoru wrote 2012-11-22 15:19:
>>>> Next time just clean the file first to make it more readable:
>>>> use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed
>>>> '/^$/d'
>>>>
>>>> ##start
>> <SNIP>
>>>> ##end
>>>>
>>>> it seems to me like forward proxy and the only reason I can think of to
>>>> not work is:
>>>> Missing credentials related settings.
>>>> With the current config file squid only allows users with specific SRC
>>>> ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
>>>> Also you didn't post the access.log output for the request but it seems
>>>> like you have one missing ACL.
>
> + 3.2 intercept port receiving forward-proxy requests will reject them
> due to NAT failure/lies.
>
> + 3.2 Host header validation *will* reject if forward traffic is
> validated as being intercepted.
>
>
> ** you need at minimum to add a http_port line without "intercept" on it
> for the Squid icons and configured browsers to fetch from.
>
>
> Also, on checking the config file there are some minor annoyances which
> will be adding extra warnings into your cache.log:
>
> * the "QUERY" ACL is now deprecated. You should remove it from your
> config along with the "no_cache" (obsolete by itself) directive that
> uses it.
>
> * the hierarchy_stoplist is also deprecated and causes slightly more
> harm than good. Can be removed.
>
> * default refresh pattern is outdated. The current CGI pattern is "
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 "
>
> * remove localhost ACL re-definition. Using the old definition will
> cause existing Squid to not even start. Fix for that has yet to be
> published.
>
> * remove localhost ACL re-definition
>
> * remove to_localhost ACL re-definition
>
>
> Amos

Thank you for all the good advice.

I couldn't find any denied lines in the log!

I'll run another test with 3.2 on the weekend using Amos's suggestions and
report back from that.

/Leslie
Received on Fri Nov 23 2012 - 07:07:12 MST
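
A pre-upgrade check for the squid.conf items Amos lists in the quoted reply, as an added example that is not part of the original thread or of Squid itself. The sample config is constructed (the poster's file was snipped), and the port numbers and finding names are made up for illustration.

```python
# Constructed 3.1-style squid.conf; not the poster's actual file.
SAMPLE_CONF = r"""
# transparent port only
http_port 3128 intercept
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 172.18.0.0/24
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hierarchy_stoplist cgi-bin ?
refresh_pattern . 0 20% 4320
http_access allow localnet
http_access deny all
"""

# Current CGI refresh pattern as quoted in the reply.
CGI_PATTERN = r"refresh_pattern -i (/cgi-bin/|\?) 0 0% 0"
# Directives the reply says to drop (finding names are hypothetical).
DROP = {"no_cache": "obsolete-no_cache",
        "hierarchy_stoplist": "deprecated-hierarchy_stoplist"}

def active_lines(text):
    """Mirror the sed cleanup from the thread: trim, skip comments and blanks."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def lint(text):
    """Return (finding, line) pairs for the 3.1 -> 3.2 items in the reply."""
    findings, forward_port, has_cgi = [], False, False
    for line in active_lines(text):
        tok = line.split()
        if tok[0] == "http_port":
            # A port without "intercept" can serve icons and configured browsers.
            forward_port = forward_port or "intercept" not in tok[2:]
        elif tok[0] == "acl" and tok[1:2] in (["localhost"], ["to_localhost"]):
            findings.append(("builtin-acl-redefined", line))
        elif tok[0] == "acl" and tok[1:2] == ["QUERY"]:
            findings.append(("deprecated-QUERY-acl", line))
        elif tok[0] in DROP:
            findings.append((DROP[tok[0]], line))
        elif " ".join(tok) == CGI_PATTERN:
            has_cgi = True
    if not forward_port:
        findings.append(("no-forward-http_port", "http_port without intercept"))
    if not has_cgi:
        findings.append(("cgi-refresh_pattern-missing", CGI_PATTERN))
    return findings

if __name__ == "__main__":
    for finding, line in lint(SAMPLE_CONF):
        print(f"{finding}: {line}")
```
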