Lo,


This is your problem:


acl BANDOMAIN urlpath_regex www .com .net

=> http://mis3.home.company/inhouse/COMmon/login.asp?goto=/inhouse/leave/Default.asp&fnum.


In this acl you're blocking every URL with www, com or net! You should use dest domain instead.




rgrds,


      Bart

squid squid wrote:

Hi,

I have just compiled Squid 2.5 Stable 4 and am running it on Solaris 8 in an intranet environment. However, I am having a problem accessing sites with URLs like http://mis3.home.company/inhouse/common/login.asp?goto=/inhouse/leave/Default.asp&fnum.


The error message is as follows:


The requested URL could not be retrieved.
While trying to retrieve the URL: http://mis3.home.company/inhouse/common/login.asp?
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Pls contact your service provider if you feel this is incorrect.


On the access logfile, I got 403 TCP_DENIED:NONE.

Pls advise what could have gone wrong. Thank you.

My squid.conf is as follows:

# NETWORK OPTIONS
http_port 3128
icp_port 0

# OPTION WHICH AFFECT NEIGHBOUR SELECTION ALGORITHM
cache_peer 123.45.1.30 parent 3128 0 no-query proxy-only
acl query urlpath_regex cgi-bin \?
acl dynamic_contents urlpath_regex \*\.asp
acl dynamic_contents urlpath_regex \*\.jsp
no_cache deny query dynamic_contents

# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem  10 MB
maximum_object_size 1024 KB
maximum_object_size_in_memory 1024 KB

# LOGFILE PATHNAMES & CACHE DIRECTORIES
cache_dir ufs /usr/local/squid/var/cache 3000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
pid_filename /usr/local/squid/var/logs/squid.pid
cache_store_log none
emulate_httpd_log on
log_ip_on_direct off
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
debug_options ALL,1
log_fqdn off

# OPTIONS FOR TUNING THE CACHE
request_header_max_size 1 KB
negative_ttl 5 minutes
positive_dns_ttl 30 minutes
negative_dns_ttl 1 minutes

# TIMEOUTS
connect_timeout 120 seconds
peer_connect_timeout 120 seconds
read_timeout 5 minutes
request_timeout 5 minutes
half_closed_clients off
pconn_timeout 15 seconds
shutdown_lifetime 10 seconds

# DEFAULT ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_PORTS port 343 443 7002 8000 9000 15000
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl SSL method CONNECT

# Only allow administrator access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

#Deny CONNECT to other than SSL ports and no direct connection for SSL
http_access deny SSL !SSL_ports
never_direct allow SSL

# Ban on file types and domain
acl BANFILE urlpath_regex \.bmp$ \.mp3$ \.mpg$ \.avi$
acl BANDOMAIN urlpath_regex www .com .net
http_access deny BANFILE
http_access deny BANDOMAIN

# For the cache purge
acl PURGE method purge
http_access allow PURGE localhost
http_access deny PURGE

# Common application/web servers in local
acl direct-svr dstdomain mis3.home.company
always_direct allow direct-svr

# Common application/web servers housed remote and access thru' 123.45.1.30
acl remote-svr dst 123.45.1.31
cache_peer_access 123.45.1.30 allow remote-svr
never_direct allow remote-svr


# Allow requests to proxy
http_access allow all

# HTTPD-ACCELERATOR OPTIONS
# For Squid to run as transparent proxy
httpd_accel_uses_host_header on

# ADMINISTRATIVE PARAMETERS
cache_mgr [EMAIL PROTECTED]
cache_effective_user nobody
visible_hostname proxy.inet.company

# MISCELLANEOUS
dns_testnames home.company mis3.home.company
memory_pools off
cachemgr_passwd none all
snmp_port 0
client_db off






--
Schelstraete Bart
http://www.hansbeke.com
email: bart at schelstraete.org
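
An added illustration of the diagnosis in this thread (not part of the original messages and not Squid's own code): it runs the three BANDOMAIN patterns against the path of the denied URL and compares that with a host-only dstdomain-style match. Assumptions: Python's re stands in for Squid's regex library, the dstdomain matcher is a simplified model, and example.com / example.net are placeholder domains.

```python
import re
from urllib.parse import urlsplit

# URL from the original post.
URL = ("http://mis3.home.company/inhouse/common/login.asp"
       "?goto=/inhouse/leave/Default.asp&fnum.")

# Patterns from the posted line: acl BANDOMAIN urlpath_regex www .com .net
BANDOMAIN_REGEX = ["www", ".com", ".net"]

# Constructed list for the dstdomain form; both domains are placeholders.
BANDOMAIN_DSTDOMAIN = [".example.com", ".example.net"]


def url_path(url):
    """Return what urlpath_regex is tested against: path plus query, no host."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def urlpath_regex_hits(url, patterns):
    """Return (pattern, matched_text) for each pattern found in the URL path.
    Matching is unanchored and case-sensitive; an unescaped '.' is a wildcard."""
    path = url_path(url)
    hits = []
    for pat in patterns:
        m = re.search(pat, path)
        if m:
            hits.append((pat, m.group(0)))
    return hits


def dstdomain_match(url, domains):
    """Simplified dstdomain: look only at the host name. '.example.com' matches
    example.com and its subdomains; 'example.com' matches that host exactly."""
    host = (urlsplit(url).hostname or "").lower()
    for dom in domains:
        dom = dom.lower()
        if dom.startswith("."):
            if host == dom[1:] or host.endswith(dom):
                return True
        elif host == dom:
            return True
    return False


if __name__ == "__main__":
    for u in (URL, "http://www.example.com/index.html"):
        print(urlpath_regex_hits(u, BANDOMAIN_REGEX), dstdomain_match(u, BANDOMAIN_DSTDOMAIN))
```

The intranet URL is denied because ".com" matches "/com" in "/common", while a request to the placeholder site itself produces no urlpath_regex hit at all, since the host name is never part of the path.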



