On 23/11/2012 11:45 a.m., Eliezer Croitoru wrote:
The basic thing is to know the IP address of the client since you are allowing only a specific number of IP addresses to use the proxy. You can send it to me on my private mail and just the relevant "denied" lines are what I need.

Regards,
Eliezer

On 11/22/2012 4:41 PM, Leslie Jensen wrote:


Eliezer Croitoru skrev 2012-11-22 15:19:
Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed '/^$/d'

##start
<SNIP>
##end

it seems to me like forward proxy and the only reason I can think of to
not work is:
Missing credentials related settings.
With the current config file squid only allows users with specific SRC
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didn't post the access.log output for the request but it seems
like you have one missing ACL.

+ 3.2 intercept port receiving forward-proxy requests will reject them due to NAT failure/lies.

+ 3.2 Host header validation *will* reject if forward traffic is validated as being intercepted.


** you need at minimum to add a http_port line without "intercept" on it for the Squid icons and configured browsers to fetch from.


Also, on checking the config file there are some minor annoyances which will be adding extra warnings into your cache.log:

* the "QUERY" ACL is now deprecated. You should remove it from your config along with the "no_cache" (obsolete by itself) directive that uses it.

* the hierarchy_stoplist is also deprecated and causes slightly more harm than good. Can be removed.

* default refresh pattern is outdated. The current CGI pattern is " refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 "

* remove localhost ACL re-definition. Using the old definition will cause existing Squid to not even start. Fix for that has yet to be published.

* remove localhost ACL re-definition

* remove to_localhost ACL re-definition


Amos
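
The review points in this reply can be checked mechanically before a config is deployed. The following is an added example, not part of the original thread or of Squid itself: a small Python linter that cleans a squid.conf the way the sed pipeline does and flags the items listed above. The function names, port numbers and sample config are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not the poster's file).
SAMPLE = """\
# comment line
http_port 3128 intercept
acl localhost src 127.0.0.1/8
acl to_localhost dst 127.0.0.0/8
acl localnet src 172.18.0.0/24
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
hierarchy_stoplist cgi-bin ?
refresh_pattern . 0 20% 4320
http_access allow localnet
http_access deny all
"""

def clean(text):
    """Same effect as the sed pipeline: strip indentation, comments, blank lines."""
    lines = (ln.lstrip(" \t") for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def lint_squid_conf(text):
    """Return a list of findings matching the review points in the thread."""
    findings = []
    ports = []
    for ln in clean(text):
        tok = ln.split()
        if tok[0] == "http_port":
            ports.append(tok[1:])
        elif tok[0] == "acl" and len(tok) > 1 and tok[1] in ("localhost", "to_localhost"):
            findings.append(f"re-definition of ACL '{tok[1]}'")
        elif tok[0] == "acl" and len(tok) > 1 and tok[1] == "QUERY":
            findings.append("deprecated QUERY ACL")
        elif tok[0] == "no_cache":
            findings.append("obsolete no_cache directive")
        elif tok[0] == "hierarchy_stoplist":
            findings.append("deprecated hierarchy_stoplist")
    # Every listening port is an intercept port: browsers configured to use
    # the proxy (and the Squid icons) have nothing to connect to.
    if ports and all("intercept" in p for p in ports):
        findings.append("no http_port without 'intercept' for forward-proxy requests")
    cgi = re.compile(r"refresh_pattern\s+-i\s+\(/cgi-bin/\|\\\?\)\s+0\s+0%\s+0")
    if not any(cgi.match(ln) for ln in clean(text)):
        findings.append("missing current CGI refresh_pattern")
    return findings

if __name__ == "__main__":
    for f in lint_squid_conf(SAMPLE):
        print("WARN:", f)
```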
