[ILUG] Squid not allowing browsing
Anthony Walters
anthony.walters at dkit.ie
Wed Aug 24 17:55:34 IST 2005
Hi Chris,
Chris Boyd wrote:
> I'm running squid 2.5 STABLE5 and behind a PIX firewall. Whenever I set the browser for the proxy it gives me a Squid "Access Denied" in the browser.
> I'm not sure if there is an error in my acls or ?
> Here is the (I believe) relevant part of squid.conf
>
> acl Safe_ports port 22 # ssh
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl mynetwork src 10.133.0.0/24
If you have multiple networks in the 10.133.x.x range then this line
should be:
acl mynetwork src 10.133.0.0/16
or this if you just have a single 10.133.2.x network:
acl mynetwork src 10.133.2.0/24
>
> http_access allow mynetwork
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
>
> Here's the access.log:
>
> 1124897668.136 102 10.133.2.42 TCP_DENIED/403 1457 GET http://mail.yahoo.com/favicon.ico - NONE/- text/html
> 1124897675.723 924 10.133.2.42 TCP_DENIED/403 1427 GET http://google.com/ - NONE/- text/html
> 1124897675.840 117 10.133.2.42 TCP_DENIED/403 1449 GET http://google.com/favicon.ico - NONE/- text/html
>
>
Anthony
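
Added example, not part of the original message: a short Python check that takes the TCP_DENIED lines from the quoted access.log and tests each client address against a candidate `acl ... src` CIDR. It shows that 10.133.2.42 falls outside 10.133.0.0/24 but inside both suggested replacements. The function names are illustrative, and the native Squid log field order (time, elapsed, client, code/status, ...) is assumed.

```python
import ipaddress

# Log lines copied from the access.log excerpt quoted in the post.
ACCESS_LOG = """\
1124897668.136 102 10.133.2.42 TCP_DENIED/403 1457 GET http://mail.yahoo.com/favicon.ico - NONE/- text/html
1124897675.723 924 10.133.2.42 TCP_DENIED/403 1427 GET http://google.com/ - NONE/- text/html
1124897675.840 117 10.133.2.42 TCP_DENIED/403 1449 GET http://google.com/favicon.ico - NONE/- text/html
"""


def denied_clients(log_text):
    """Return the set of client IPs that have TCP_DENIED entries."""
    clients = set()
    for line in log_text.splitlines():
        fields = line.split()
        # Assumed native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        if fields[3].startswith("TCP_DENIED/"):
            try:
                clients.add(ipaddress.ip_address(fields[2]))
            except ValueError:
                continue  # client field is not an IP address
    return clients


def acl_coverage(src_acl, log_text):
    """Map each denied client to whether the 'acl ... src' CIDR contains it."""
    # strict=True rejects a CIDR with host bits set (e.g. 10.133.2.42/24).
    network = ipaddress.ip_network(src_acl, strict=True)
    return {str(ip): ip in network for ip in sorted(denied_clients(log_text))}


if __name__ == "__main__":
    # The original ACL from the post, then the two suggested replacements.
    for cidr in ("10.133.0.0/24", "10.133.0.0/16", "10.133.2.0/24"):
        print(cidr, acl_coverage(cidr, ACCESS_LOG))
```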