Hi, I think this is a little bit off-topic on this list, or should we start discussing all problems of all ports here? ...
Anyway, you should make sure to use "divert-to" instead of "rdr-to" in your pf.conf. "rdr-to" is considered to be obsolete for userland proxies (except for spamd). Reyk On Wed, Jun 19, 2013 at 04:08:06PM +0300, Lars Noodén wrote: > I'm running into some difficulty with "access denied" in squid3 when I > switch it to act as an intercepting proxy. It works as normal when I use > it as a regular proxy but when turning on intercepting (formerly > transparent proxying) the web browser shows this error: > > ...Access Denied. > > Access control vconfiguration prevents your request from > being allowed at this time. Please contact your service > provider if you feel this is incorrect > ... > > and the access log shows this kind of message in intercept mode but not > as a normal proxy: > > 1371640231.979 3 192.168.2.33 TCP_DENIED/403 4014 GET > http://blogs.hbr.org/cs/2013/06/you_have_no_control_over_s.html > - HIER_NONE/- text/html > > 1371640232.045 3 192.168.2.33 TCP_DENIED/403 3922 GET > http://www.squid-cache.org/Artwork/SN.png - > HIER_NONE/- text/html > > So I can see that PF is properly forwarding the connection and that the > browser is actually reaching squid3. > > However even completely removing any access limitations in squid.conf > does not let the browser through. The following should be open but still > produces the TCP_DENIED message: > > http_access allow all > ... > http_port 127.0.0.1:3128 intercept > > This occurs with in 5.3-stable on i386 with both squid/3.2.11 from ports > and with squid/3.2.7p0 from the CD, so what should I look at changing? > > Regards, > /Lars