Results 1 to 3 of 3
OK, first off I'm new to this so I'm not familiar with all you guy's lingo. More details is always better.
It would seem as though Squid is denying everything, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-03-2006 #1Just Joined!
- Join Date
- Oct 2004
- Posts
- 4
Squid is denying everything (on a fresh install)
OK, first off I'm new to this so I'm not familiar with all you guy's lingo. More details is always better.
It would seem as though Squid is denying everything, even when I specifically set it to allow local connectivity. To get it to work, my http_access looks like this:
Yes, I know this thing is wide-open, but it's the only way to get it to work. My network is on a 192.168.0.x IP scheme, and the subnet whateverthehellyoucallit is 255.255.255.0. Logically, I would think this would work, since my entire network is on the "white list":Code:# http_access allow manager localhost # http_access deny manager # http_access deny !Safe_ports # http_access deny CONNECT !SSL_ports # http_access deny to_localhost # acl our_networks src 192.168.0.0/24 # http_access allow our_networks http_access allow all
But it doesn't work. All I get is a simple "Access Denied."Code:# http_access allow manager localhost # http_access deny manager # http_access deny !Safe_ports # http_access deny CONNECT !SSL_ports # http_access deny to_localhost acl our_networks src 192.168.0.0/24 http_access allow our_networks http_access deny all
What gives? This seems to defy logic!
- 06-03-2006 #2Linux Engineer
- Join Date
- Oct 2004
- Location
- North Carolina
- Posts
- 1,077
and I will start by saying I am not the squid expert, but aren't the acl's to define stuff and then the http_access is to allow or deny stuff defined?
Originally Posted by sac_tagg OK, first off I'm new to this so I'm not familiar with all you guy's lingo. More details is always better.
It would seem as though Squid is denying everything, even when I specifically set it to allow local connectivity. To get it to work, my http_access looks like this:
Yes, I know this thing is wide-open, but it's the only way to get it to work. My network is on a 192.168.0.x IP scheme, and the subnet whateverthehellyoucallit is 255.255.255.0. Logically, I would think this would work, since my entire network is on the "white list":Code:# http_access allow manager localhost # http_access deny manager # http_access deny !Safe_ports # http_access deny CONNECT !SSL_ports # http_access deny to_localhost # acl our_networks src 192.168.0.0/24 # http_access allow our_networks http_access allow all
But it doesn't work. All I get is a simple "Access Denied."Code:# http_access allow manager localhost # http_access deny manager # http_access deny !Safe_ports # http_access deny CONNECT !SSL_ports # http_access deny to_localhost acl our_networks src 192.168.0.0/24 http_access allow our_networks http_access deny all
What gives? This seems to defy logic!
I am not currently using squid and just glanced at my old conf file. it looks like for every http_access there is an acl defining it. If that is true then your conf is just defining your network and not allowing or denying it, so then everything gets denied.
check this link
http://squid-docs.sourceforge.net/latest/html/x591.html
- 06-05-2006 #3Linux User
- Join Date
- May 2003
- Location
- Godzone
- Posts
- 416
I only installed squid once and I don't have the config file here at the moment.
acl are read from top to bottom and squid stops reading them when one is a conclusive match.
Does it work if you specify just one source address,
acl home_nw 192.168.0.65
http_access allow home_nw
http_access deny all
Just want to see if taking it a step back makes it works. What do logs say?I am on a journey to mastering Linux and I got a bloody long way to go!!!
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
