Hi, my first post here. I have installed Squid on my LAN. Right now I am having a real difficult time getting Squid to work. I am getting the dreaded Access Denied error. I am really confused because my ACL looks fine to me. I was wondering if anyone would be interested in looking at my squid.conf for me. I am not sure if i should post it here as an attachment or send it via email to you. This would be much appreciated.
What's the exact error message, and where/when do you get it? You can post it here directly (not as an attachment!).
Thank you for your reply. here is a snippet of some of the code Code: 1177197588.512 3 192.168.1.1 TCP_DENIED/403 1432 GET http://spa.snap.com/snap_preview_anywhere.js? - NONE/- text/html 1177197588.512 3 192.168.1.1 TCP_DENIED/403 1482 GET http://www.game-monitor.com/server-stat-image/203.82.114.251:27015.png - NONE/- text/html 1177197588.512 3 192.168.1.1 TCP_DENIED/403 1482 GET http://www.game-monitor.com/server-stat-image/203.82.114.251:27960.png - NONE/- text/html 1177197588.548 2 192.168.1.1 TCP_DENIED/403 1482 GET http://www.game-monitor.com/server-stat-image/203.82.114.251:27016.png - NONE/- text/html 1177197588.577 0 192.168.1.1 TCP_DENIED/403 1482 GET http://www.game-monitor.com/server-stat-image/203.82.114.251:28004.png - NONE/- text/html 1177197588.665 25 192.168.1.1 TCP_DENIED/403 1482 GET http://www.game-monitor.com/server-stat-image/203.82.114.251:27888.png - NONE/- text/html 1177197598.537 7 192.168.1.1 TCP_DENIED/403 1386 GET http://mail.yahoo.com/ - NONE/- text/html 1177197706.617 7 192.168.1.1 TCP_DENIED/403 1384 GET http://www.yahoo.com/ - NONE/- text/html 1177197713.505 8 192.168.1.1 TCP_DENIED/403 1394 GET http://gd.geobytes.com/gd? - NONE/- text/html 1177197716.758 13 192.168.1.1 TCP_DENIED/403 1384 GET http://www.yahoo.com/ - NONE/- text/html 1177197726.757 15 192.168.1.1 TCP_DENIED/403 1384 GET http://www.yahoo.com/ - NONE/- text/html And to answer you question... I receive these errors immediately after I try to browse a web site. Thank you for your help. Let me know what I can do to help generate a solution.
Thank you for the reply Here is the squid.conf Code: # TAG: http_port http_port 3128 transparent # TAG: hierarchy_stoplist hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY # TAG: cache_vary # TAG: broken_vary_encoding acl apache rep_header Server ^Apache broken_vary_encoding allow apache # TAG: access_log access_log /var/log/squid/access.log squid # TAG: hosts_file hosts_file /etc/hosts # TAG: refresh_pattern refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 # TAG: acl #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT #____TOM_____ acl my_network src 192.168.1.0/24 acl time time SMTWHFA #__ #__TOM__ http_access allow my_network http_access allow time #_ #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports #http_access deny !Safe_ports # Deny CONNECT to other than SSL ports #http_access deny CONNECT !SSL_ports http_access allow CONNECT # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # acl our_networks src 192.168.1.0/24 192.168.2.0/24 http_access allow our_networks #http_access allow localhost # And finally deny all other access to this proxy http_access deny all # http_reply_access allow all # #Recommended minimum configuration: # # Insert your own rules here. # # # and finally allow by default http_reply_access allow all # TAG: icp_access # icp_access deny all # #Allow ICP queries from everyone icp_access allow all # cache_effective_user proxy cache_effective_user tom # TAG: cache_effective_group cache_effective_group tom visible_hostname proxy Due to the 10000 character limit I have attached the squid.conf that was not edited.
I hear you. Thank you sir for your time. If anyone else out there knows someone or has a suggestion, I would greatly appreciate it. Thank you for your time again Falko. If you need anything from me, just ask.