> On Dec 19, 2016, at 1:31 PM, Antony Stone <antony.st...@squid.open.source.it>
> wrote:
>
> On Monday 19 December 2016 at 17:44:11, Sameh Onaissi wrote:
>
>> Hello,
>>
>> I was using squid client to get cache stats, however this morning it
>> completely stopped working.
>
>> <center><img src="http://mydomainname.com/squid/access_denied.jpg";
>> alt="Acceso Denegado" style="width:704px;height:428px;"></center>
>
>> the html code is the code of my redirect page whenever a client tries to
>> access a blacklisted website.
>
> How big is your blacklist? Could you show us what's in it?
>
> Have you added the proxy itself to the whitelist?
The blacklist consistes of the ads, porn, socialnet and spyware lists of the BL
list.
I added both LAN and WAN IPs of the server to the whitelist but didn’t help.
So, I changed my default acl setting in squid guard config file to pass all for
now (I know it is not ideal), just to monitor the cache as I am trying to get
the HIT ratio up. (currently only at 7.8%)
squid guard config: pastebin.com/bbe8CWLE
>
>> squid.conf: http://pastebin.com/TQ8H6bRp
>
> Quote from your config:
>
> acl Safe_ports port 587 #SMTP
>
> Did you read Amos' reply "SMTP is the #1 worst protocol to let anywhere near
> an HTTP proxy. Preventing what you have allowed to happen is one of the
> primary reasons Safe_ports exists in the first place!”
The reason I allow 587 is because the Squid Proxy lives on the same server as a
mail server which needs this port, and several clients have their mail clientes
(Outlook..etc) already configured to use this port.
>
> http://lists.squid-cache.org/pipermail/squid-users/2016-December/013776.html
>
> By the way, what did you have to fix to prevent those public IP addresses
> being
> able to access your Squid proxy?
I basically let them get blocked by squid for a day or two and they stopped. I
just allowed LAN source IPs.
>
> http://lists.squid-cache.org/pipermail/squid-users/2016-December/013764.html
>
>
> Antony.
>
> --
> Pavlov is in the pub enjoying a pint.
> The barman rings for last orders, and Pavlov jumps up exclaiming "Damn! I
> forgot to feed the dog!"
>
> Please reply to the list;
> please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
![http://mydomainname.com/squid/access_denied.jpg"](http://mydomainname.com/squid/access_denied.jpg"){kind=link}