Hi Chris
Chris Boyd wrote:
> I'm running squid 2.5 STABLE5 and behind a PIX firewall. Whenever I set the browser for the proxy it gives me a Squid "Access Denied" in the browser.
> I'm not sure if there is an error in my acls or ?
> Here is the (I believe) relevant part of squid.conf
>
> acl Safe_ports port 22 # ssh
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl mynetwork src 10.133.0.0/24

If you have multiple networks in the 10.133.x.x range then this line
should be:

acl mynetwork src 10.133.0.0/16

or this if you just have a single 10.133.2.x network:

acl mynetwork src 10.133.2.0/24

> http_access allow mynetwork
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
>
> Here's the access.log:
>
> 1124897668.136 102 10.133.2.42 TCP_DENIED/403 1457 GET http://mail.yahoo.com/favicon.ico - NONE/- text/html
> 1124897675.723 924 10.133.2.42 TCP_DENIED/403 1427 GET http://google.com/ - NONE/- text/html
> 1124897675.840 117 10.133.2.42 TCP_DENIED/403 1449 GET http://google.com/favicon.ico - NONE/- text/html
Anthony
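
Added example, not part of either message in the thread: a small Python check that reads the `src` ACLs allowed by `http_access` and lists clients from `TCP_DENIED` log entries that fall outside all of them, which is the mismatch the reply points at (10.133.2.42 is not inside 10.133.0.0/24). The function names are hypothetical, the sample input is constructed from the lines quoted above, and rule ordering and multi-ACL `http_access` lines are not modelled.

```python
import ipaddress

# Constructed sample input: ACL and log lines as quoted in the thread above.
SQUID_CONF = """\
acl mynetwork src 10.133.0.0/24
http_access allow mynetwork
http_access allow localhost
http_access deny all
"""
ACCESS_LOG = """\
1124897668.136 102 10.133.2.42 TCP_DENIED/403 1457 GET http://mail.yahoo.com/favicon.ico - NONE/- text/html
1124897675.723 924 10.133.2.42 TCP_DENIED/403 1427 GET http://google.com/ - NONE/- text/html
"""

def parse_src_acls(conf):
    """Return {acl_name: [ip_network, ...]} for every 'acl NAME src ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            for spec in fields[3:]:
                try:
                    net = ipaddress.ip_network(spec, strict=False)
                except ValueError:
                    continue  # address ranges and file includes are not handled here
                acls.setdefault(fields[1], []).append(net)
    return acls

def allowed_networks(conf):
    """Networks of the src ACLs named on 'http_access allow' lines."""
    acls = parse_src_acls(conf)
    nets = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:2] == ["http_access", "allow"]:
            for name in fields[2:]:
                nets.extend(acls.get(name, []))  # undefined or non-src ACLs add nothing
    return nets

def denied_clients(log):
    """Client addresses from TCP_DENIED entries (3rd field = client, 4th = result code)."""
    rows = (line.split() for line in log.splitlines())
    return {ipaddress.ip_address(f[2]) for f in rows
            if len(f) >= 4 and f[3].startswith("TCP_DENIED")}

def uncovered(conf, log):
    """Denied clients that match no allowed src network: the ACL range is the likely cause."""
    nets = allowed_networks(conf)
    return sorted(c for c in denied_clients(log) if not any(c in n for n in nets))

if __name__ == "__main__":
    for client in uncovered(SQUID_CONF, ACCESS_LOG):
        print(f"{client} is denied and matches no allowed src ACL")
```
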