  1. #1
    Just Joined!
    Join Date
    Dec 2007
    Posts
    52

    Squid ACL error


    Hi all. I'm still trying to get my squid proxy server going and I think I'm almost done getting it fixed. Yesterday, after taking the advice from some of the forum members, I got the server up and going. However, I wasn't able to actually 'browse' anywhere when I connected to the server through its listening port 3128. So I decided to take the conf home and work on it as best I could. It's a big conf file, but I feel that I need to paste the entire conf because I edited it as best I could. So here it is...

    Code:
    #Recommended minimum configuration per scheme:
    #auth_param negotiate program <uncomment and complete this line to activate>
    #auth_param negotiate children
    #auth_param negotiate keep_alive on
    #auth_param ntlm program <uncomment and complete this line to activate>
    #auth_param ntlm children 5
    #auth_param ntlm keep_alive on
    #auth_param digest program <uncomment and complete this line>
    #auth_param digest children 5
    #auth_param digest realm Squid proxy-caching web server
    #auth_param digest nonce_garbage_interval 5 minutes
    #auth_param digest nonce_max_duration 30 minutes
    #auth_param digest nonce_max_count 50
    #auth_param basic program <uncomment and complete this line>
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    #auth_param basic casesensitive off
    # authenticate_cache_garbage_interval 1 hour
    # authenticate_ttl 1 hour
    # authenticate_ip_ttl 0 seconds
    # authenticate_ip_shortcircuit_ttl 0 seconds
    
    
    
    #Examples:
    # NOTE(review): these four example ACLs are active (not commented out), but
    # no access rule in this listing refers to macaddress, myexample, fileupload
    # or javascript, so they are defined and never used.
    # arp matches the client's Ethernet (MAC) address; presumably this needs ARP
    # ACL support in the Squid build -- confirm before relying on it.
    acl macaddress arp 09:00:2b:23:45:67
    # dst_as matches on the destination's AS number (here 1241).
    acl myexample dst_as 1241
    #acl password proxy_auth REQUIRED
    # Case-insensitive regex on the request's MIME type.
    acl fileupload req_mime_type -i ^multipart/form-data$
    # Case-insensitive regex on the reply's MIME type.
    acl javascript rep_mime_type -i ^application/x-javascript$
    #
    #Recommended minimum configuration:
    
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    #
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    
    
    #
    acl SSL_ports port 443		# https
    acl SSL_ports port 563		# snews
    acl SSL_ports port 873		# rsync
    acl Safe_ports port 80		# http
    acl Safe_ports port 21		# ftp
    acl Safe_ports port 443		# https
    acl Safe_ports port 70		# gopher
    acl Safe_ports port 210		# wais
    acl Safe_ports port 1025-65535	# unregistered ports
    acl Safe_ports port 280		# http-mgmt
    acl Safe_ports port 488		# gss-http
    acl Safe_ports port 591		# filemaker
    acl Safe_ports port 777		# multiling http
    acl Safe_ports port 631		# cups
    acl Safe_ports port 873		# rsync
    acl Safe_ports port 901		# SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    
    
    
    # -----------------------  HTTP Access Controls
    # NOTE(review): http_access rules are checked top to bottom and the first
    # matching rule decides. With "allow all" as the first rule, every request
    # matches here, so none of the http_access lines further down (manager,
    # purge, localnet, "deny all") is ever reached. Any client that can connect
    # to the listening address is served, including requests matching the
    # manager and purge ACLs. Removing this line lets the rules below apply.
    http_access allow all
    # Squid normally listens to port 3128
    # The listener is bound to one specific address, not to all interfaces.
    http_port 10.1.10.88:3128 
    #https_port 10.1.10.88:443 defaultsite=visolve.com
    # Cache manager requests (proto cache_object) are meant to be allowed from
    # localhost only and denied from everywhere else.
    http_access allow manager localhost
    http_access deny manager
    # Only allow purge requests from localhost
    # NOTE(review): the rule below names localnet, not localhost, so it does not
    # match the comment above; as written, any RFC1918 client may send PURGE.
    http_access allow purge localnet
    http_access deny purge
    # NOTE(review): the Safe_ports, SSL_ports and CONNECT ACLs are defined
    # earlier in this file, but no http_access rule references them. The stock
    # configuration places "http_access deny !Safe_ports" and
    # "http_access deny CONNECT !SSL_ports" before the allow rules; without
    # them, permitted clients can ask the proxy to reach any destination port.
    http_access allow localnet
    # Final catch-all: anything not allowed above is refused.
    http_access deny all
    http_reply_access allow all
    # -----------------------------------------------------------
    htcp_access allow localnet
    htcp_access deny all
    #acl htcp_clr_peer src 172.16.1.2
    #htcp_clr_access allow htcp_clr_peer
    # htcp_clr_access deny all
    # miss_access allow all
    # ident_lookup_access deny all
    # reply_body_max_size 0 allow all
    # authenticate_ip_shortcircuit_access
    # follow_x_forwarded_for deny all
    # delay_pool_uses_indirect_client on
    # log_uses_indirect_client on
    # sslproxy_client_certificate
    # sslproxy_client_key
    # sslproxy_version
    # sslproxy_version 1
    # sslproxy_options
    # sslproxy_cipher
    # sslproxy_cafile
    # sslproxy_capath
    # zph_mode off
    # zph_local 0
    # zph_sibling 0
    # zph_parent 0
    # zph_option 136
    # cache_peer_access
    # dead_peer_timeout 10 seconds
    hierarchy_stoplist cgi-bin ? #We recommend you to use at least this following line.
    # cache_mem 8 MB
    # maximum_object_size_in_memory 8 KB
    # memory_replacement_policy lru
    # cache_replacement_policy lru
    # cache_dir ufs /var/spool/squid 100 16 256
    # store_dir_select_algorithm least-load
    # max_open_disk_fds 0
    # minimum_object_size 0 KB
    # maximum_object_size 20480 KB
    # cache_swap_low 90
    # cache_swap_high 95
    update_headers on
    # ----------------------------------------------------------------------------
    
    
    
    
    
    # -----------------------------------------------------------------------------
    # LOGFILE OPTIONS
    # -----------------------------------------------------------------------------
    
    
    logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
    logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
    logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
    logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
    access_log /var/log/squid/access.log squid
    # log_access	allow|deny acl acl...
    # logfile_daemon /usr/lib/squid/logfile-daemon
    # cache_log /var/log/squid/cache.log
    # cache_store_log /var/log/squid/store.log
    # cache_swap_state
    # logfile_rotate 0
    # emulate_httpd_log off
    # log_ip_on_direct on
    mime_table /usr/share/squid/mime.conf
    # log_mime_hdrs off
    # useragent_log
    # referer_log
    # pid_filename /var/run/squid.pid
    # debug_options ALL,1
    # log_fqdn off
    # client_netmask 255.255.255.255
    # forward_log
    # strip_query_terms on
    # buffered_logs off
    # netdb_filename /var/spool/squid/logs/netdb.state
    
    # -----------------------------------------------------------------------------
    # OPTIONS FOR FTP GATEWAYING
    # -----------------------------------------------------------------------------
    
    # ftp_user Squid@
    # ftp_list_width 32
    # ftp_passive on
    # ftp_sanitycheck on
    # ftp_telnet_protocol on
    
    # -----------------------------------------------------------------------------
    # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
    # -----------------------------------------------------------------------------
    
    # diskd_program /usr/lib/squid/diskd-daemon
    # unlinkd_program /usr/lib/squid/unlinkd
    # pinger_program /usr/lib/squid/pinger
    
    # -----------------------------------------------------------------------------
    # OPTIONS FOR URL REWRITING
    # -----------------------------------------------------------------------------
    
    #  TAG: storeurl_rewrite_program
    # storeurl_rewrite_children 5
    # storeurl_rewrite_concurrency 0
    # url_rewrite_program
    # url_rewrite_children 5
    # url_rewrite_concurrency 0
    # url_rewrite_host_header on
    # url_rewrite_access
    # storeurl_access
    # redirector_bypass off
    # location_rewrite_program
    # location_rewrite_children 5
    # location_rewrite_concurrency 0
    # location_rewrite_access
    
    
    # -----------------------------------------------------------------------------
    # OPTIONS FOR TUNING THE CACHE
    # -----------------------------------------------------------------------------
    
    #  cache
    # max_stale 1 week
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    refresh_pattern (Release|Package(.gz)*)$	0	20%	2880
    refresh_pattern .		0	20%	4320
    # quick_abort_min 16 KB
    # quick_abort_max 16 KB
    # quick_abort_pct 95
    # read_ahead_gap 16 KB
    # negative_ttl 5 minutes
    # positive_dns_ttl 6 hours
    # negative_dns_ttl 1 minute
    # range_offset_limit 0 KB
    # minimum_expiry_time 60 seconds
    # store_avg_object_size 13 KB
    # store_objects_per_bucket 20
    
    # -----------------------------------------------------------------------------
    # HTTP OPTIONS
    # -----------------------------------------------------------------------------
    
    # request_header_max_size 20 KB
    # reply_header_max_size 20 KB
    # request_body_max_size 0 KB
    # acl buggy_server url_regex ^http://....
    # broken_posts allow buggy_server
    acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
    upgrade_http0.9 deny shoutcast
    via on
    cache_vary on
    acl apache rep_header Server ^Apache
    # broken_vary_encoding allow apache
    # collapsed_forwarding off
    # refresh_stale_hit 0 seconds
    ie_refresh on
    # vary_ignore_expire off
    extension_methods REPORT MERGE MKACTIVITY CHECKOUT
    # request_entities off
    header_access Proxy-Connection allow all
    # header_replace
    # relaxed_header_parser on
    # server_http11 off
    # ignore_expect_100 off
    # external_refresh_check
    
    # -----------------------------------------------------------------------------
    # TIMEOUTS
    # -----------------------------------------------------------------------------
    
    # forward_timeout 4 minutes
    # connect_timeout 1 minute
    # peer_connect_timeout 30 seconds
    # read_timeout 15 minutes
    # request_timeout 5 minutes
    # persistent_request_timeout 2 minutes
    # client_lifetime 1 day
    # half_closed_clients on
    # pconn_timeout 1 minute
    # ident_timeout 10 seconds
    # shutdown_lifetime 30 seconds
    
    # -----------------------------------------------------------------------------
    # ADMINISTRATIVE PARAMETERS
    # -----------------------------------------------------------------------------
    
    # cache_mgr Matt-Admin
    # mail_from
    # mail_program mail
    # cache_effective_user proxy
    # cache_effective_group
    # httpd_suppress_version_string off
    # visible_hostname
    # unique_hostname
    # hostname_aliases none
    umask 027
    
    # -----------------------------------------------------------------------------
    # OPTIONS FOR THE CACHE REGISTRATION SERVICE
    # -----------------------------------------------------------------------------
    
    # announce_period 0
    
    # announce_period 1 day
    # announce_host tracker.ircache.net
    # announce_port 3131
    
    # -----------------------------------------------------------------------------
    # HTTPD-ACCELERATOR OPTIONS
    # -----------------------------------------------------------------------------
    
    # httpd_accel_no_pmtu_disc off
    
    # -----------------------------------------------------------------------------
    # DELAY POOL PARAMETERS
    # -----------------------------------------------------------------------------
    
    # delay_pools 0
    # delay_pools 2      # 2 delay pools
    # delay_class 1 2    # pool 1 is a class 2 pool
    # delay_class 2 3    # pool 2 is a class 3 pool
    # delay_access 1 allow some_big_clients
    # delay_access 1 deny all
    # delay_access 2 allow lotsa_little_clients
    # delay_access 2 deny all
    # delay_parameters 2 32000/32000 8000/8000 600/8000
    # delay_initial_bucket_level 50
    
    # -----------------------------------------------------------------------------
    # WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
    # -----------------------------------------------------------------------------
    
    
    # wccp_router 0.0.0.0
    # wccp_version 4
    # wccp2_rebuild_wait on
    # wccp2_forwarding_method 1
    # wccp2_return_method 1
    # wccp2_assignment_method 1
    # wccp2_service standard 0
    # wccp2_service_info 
    # wccp2_weight 10000
    # wccp_address 0.0.0.0
    # wccp2_address 0.0.0.0
    
    # -----------------------------------------------------------------------------
    # PERSISTENT CONNECTION HANDLING
    # -----------------------------------------------------------------------------
    
    
    # client_persistent_connections on
    # server_persistent_connections on
    # persistent_connection_after_error off
    # detect_broken_pconn off
    
    # -----------------------------------------------------------------------------
    # CACHE DIGEST OPTIONS
    # -----------------------------------------------------------------------------
    
    # digest_generation on
    # digest_bits_per_entry 5
    # digest_rebuild_period 1 hour
    # digest_rewrite_period 1 hour
    # digest_swapout_chunk_size 4096 bytes
    # digest_rebuild_chunk_percentage 10
    
    # -----------------------------------------------------------------------------
    # SNMP OPTIONS
    # -----------------------------------------------------------------------------
    
    # snmp_port 
    # snmp_access allow all
    # snmp_incoming_address 0.0.0.0
    # snmp_outgoing_address 255.255.255.255
    
    
    
    
    # -----------------------------------------------------------------------------
    # ICP OPTIONS
    # -----------------------------------------------------------------------------
    
    icp_access allow localnet
    icp_access deny all
    icp_port 3130
    # htcp_port 0
    # log_icp_queries on
    # udp_incoming_address 0.0.0.0
    # udp_outgoing_address 255.255.255.255
    # icp_hit_stale off
    # minimum_direct_hops 4
    # minimum_direct_rtt 400
    # netdb_low 900
    # netdb_high 1000
    # netdb_ping_period 5 minutes
    # query_icmp off
    # test_reachability off
    icp_query_timeout 2000
    #maximum_icp_query_timeout 5000
    #minimum_icp_query_timeout 4000
    
    # -----------------------------------------------------------------------------
    # MULTICAST ICP OPTIONS
    # -----------------------------------------------------------------------------
    
    # mcast_groups
    # mcast_miss_addr 255.255.255.255
    # mcast_miss_ttl 16
    # mcast_miss_port 3135
    # mcast_miss_encode_key XXXXXXXXXXXXXXXX
    # mcast_icp_query_timeout 2000
    
    
    
    
    
    
    # -----------------------------------------------------------------------------
    # INTERNAL ICON OPTIONS
    # -----------------------------------------------------------------------------
    
    # icon_directory /usr/share/squid/icons
    # global_internal_static on
    short_icon_urls off
    
    # -----------------------------------------------------------------------------
    # ERROR PAGE OPTIONS
    # -----------------------------------------------------------------------------
    
    # error_directory /usr/share/squid/errors/English
    # error_map none
    # err_html_text none
    # deny_info none
    
    
    # -----------------------------------------------------------------------------
    # OPTIONS INFLUENCING REQUEST FORWARDING 
    # -----------------------------------------------------------------------------
    
    nonhierarchical_direct on
    # prefer_direct off
    ignore_ims_on_miss off
    # NOTE(review): no "acl HTTP ..." line exists anywhere in this listing, so
    # this rule names an undefined ACL. Squid refuses to start in that case,
    # which is the "ACL name 'HTTP' not defined!" / "Bungled squid.conf" error.
    # always_direct only chooses between origin servers and cache peers; no
    # cache_peer line is visible here, so the rule may not be needed at all --
    # confirm against the full configuration.
    always_direct allow HTTP
    # never_direct
    max_filedescriptors 0
    
    ## The accept_filter httpready is for FreeBSD
    #accept_filter httpready
    
    ## The accept_filter data is for Linux
    accept_filter data
    
    # Can you set network bandwidth this way too? O_o
    tcp_recv_bufsize 0 bytes
    incoming_rate 30
    
    
    
    # -----------------------------------------------------------------------------
    # DNS OPTIONS
    # -----------------------------------------------------------------------------
    
    check_hostnames on
    allow_underscore on
    # cache_dns_program /usr/lib/squid/dnsserver
    # dns_children 5
    dns_retransmit_interval 10 seconds
    dns_timeout 2 minutes
    # dns_defnames off
    #dns_nameservers 10.0.0.1 192.172.0.4
    hosts_file /etc/hosts
    dns_testnames google.com yahoo.com icq.com myspace.com
    # append_domain .yourdomain.com
    ignore_unknown_nameservers off
    # ipcache_size 1024
    # ipcache_low 90
    # ipcache_high 95
    # fqdncache_size 1024
    
    # -----------------------------------------------------------------------------
    # MISCELLANEOUS OPTIONS
    # -----------------------------------------------------------------------------
    
    # memory_pools on
    # memory_pools_limit 5 MB
    # cachemgr_passwd disable all
    client_db on
    # Note: reload_into_ims does not look like a good idea, better keep it disabled. 
    # reload_into_ims off
    maximum_single_addr_tries 3
    retry_on_error on
    # as_whois_server whois.ra.net
    # as_whois_server whois.ra.net
    # offline_mode off
    # uri_whitespace strip
    coredump_dir /var/spool/squid
    # chroot
    # balance_on_multiple_ip on
    # pipeline_prefetch off
    # high_page_fault_warning
    # high_response_time_warning 0
    # high_memory_warning 0 
    # sleep_after_fork 0
    # zero_buffers on
    # windows_ipaddrchangemonitor on


    After spending like 3 hours working on that and reading from a .pdf, I felt that I had taken all the needed steps to get a _working_ proxy server for my job. However, even after all of that, I got the following error.

    Code:
    Starting Squid HTTP proxy: squid2009/08/21 13:44:18| ACL name 'HTTP' not defined!
    FATAL: Bungled squid.conf line 445: always_direct allow HTTP
    Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
     failed!
    And before I mustered up the time to post this, I thought I would try to investigate this further by getting the original conf that's in /usr/share/doc/squid/examples/squid.conf. This is Squid 2.7 Stable 3. Any help on this would be much appreciated. Thanks in advance!

  2. #2
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    96
    Hi,

    The error itself shows that you have an issue with line 445

    The syntax for always_direct is " always_direct allow|deny acl_name ". The error is complaining that you're calling an acl named HTTP in your squid.conf file (line 445), but that acl is not defined anywhere in the config file.

    As explained in the .conf file, this directive is used to specify the client requests to be forwarded directly to origin servers without using any peers. Since you are calling the acl HTTP, you might as well define an acl like

    acl HTTP proto HTTP

    -- Syd
