On 2013-03-15, John Tate <j...@johntate.org> wrote: > I have a server I use to serve a squid proxy only accessible via ssh > tunnel, which has worked fine for over a year. I upgraded from OpenBSD 5.1 > to OpenBSD 5.2 and I've also rebuilt squid in ports. It has stopped working > for ssh tunnel connections. It works for the elinks browser, but both > should be from localhost and be no different as far as I know. > > I get these errors in the log: > [15/Mar/2013:04:01:40 -0700] elijah.secusrvr.com mail.google.com "CONNECT > mail.google.com:443 HTTP/1.1" 403 1323 "-" "Mozilla/5.0 (X11; Linux x86_64) > AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22" > TCP_DENIED:NONE >
iirc TCP_DENIED/403 is due to acl, try following this about getting some more logging: http://wiki.squid-cache.org/SquidFaq/SquidAcl#I_set_up_my_access_controls.2C_but_they_don.27t_work.21__why.3F "localhost" can be all sorts of things: 127.0.0.1, ::1, or even some other address, depending on what's set in /etc/resolv.conf and /etc/hosts.