On 2014-07-04 03:42, WiNET . wrote:
> I keep getting:
>
> Access Denied.
>
> Access control configuration prevents your request from being allowed
> at this time. Please contact your service provider if you feel this is
> incorrect.
>
> Your cache administrator is webmaster.
>
>
> I'm not sure what is wrong. I used to run squid2.7 a long while ago,
> this is my first time trying to setup squid3 (squid v3.3.8 if I'm not
> mistaken)
This is because of the fix for CVE-2009-0801. NAT on a separate machine
has never actually worked properly even in 2.7. The fix we have in
current Squid involves verifying the TCP destination IP, which also
enforces that NAT is performed on the Squid machine instead of remotely.
You need to use policy routing or similar mechanisms on the router to
get the packets to the Squid machine unchanged for interception to work.
Amos
Received on Fri Jul 04 2014 - 02:11:05 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 04 2014 - 12:00:05 MDT