Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3 from Leslie Jensen on 2013-01-14 (squid-users)

From: Leslie Jensen <leslie_at_eskk.nu>
Date: Mon, 14 Jan 2013 12:48:25 +0100

I've now upgraded squid to 3.2 and rewritten the firewall rule that
resulted in a forwarding loop.

Unfortunately I've got no access now and I can't see where I've made the
error.

The browser says squid is rejecting the requests:
Access control configuration prevents your request from being allowed at
this time.

1358162295.975 0 172.18.0.1 TCP_MISS/403 4052 GET
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110 0 172.18.0.1 TCP_MISS/403 4166 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1 text/html
1358162296.219 0 172.18.0.1 TCP_MISS/403 4058 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219 1 172.18.0.102 TCP_MISS/403 4143 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
1358162296.239 0 172.18.0.1 TCP_MISS/403 4090 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240 1 172.18.0.102 TCP_MISS/403 4175 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html

My squid.conf

---------------------------------------------------
http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080
cache_mem 32 MB
maximum_object_size 100 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_store_log none
access_log /usr/local/squid/logs/access.log squid
logfile_rotate 2
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl localnet src 172.18.0.1-172.18.0.254
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 591 # filemaker
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
visible_hostname machine01.no-ip.org
cache_mgr mymail_at_domain.se
buffered_logs on
coredump_dir /usr/local/squid/cache
---------------------------------------------------
Received on Mon Jan 14 2013 - 11:48:33 MST

This archive was generated by hypermail 2.2.0 : Mon Jan 14 2013 - 12:00:03 MST