Re: [squid-users] ACL Problems

From: Kelly <[email protected]>
Date: Tue, 6 Nov 2001 20:30:28 -0500

----- Original Message -----
From: "Colin Campbell" <sgcccdc@citec.qld.gov.au>
Sent: Monday, November 05, 2001 11:35 PM
Subject: Re: [squid-users] ACL Problems

>
> You aren't running a proxy. You are running an accelerator. There is
> almost a constant stream of questions on this very subject. You should be
> able to find answers in the mailing list archives. There's a whole FAQ
> section devoted to it. See:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-20.html
>
> Colin

Okay, thanks for the RTFM but I'm afraid I was looking for something a
little more specific.

I've done numerous google groups searches & have read the docs at
squid-cache.org many times since I started working on this god forsaken
project late last week. Here's a copy of my current squid.conf which I took
pretty much verbatim from an example posted by someone claiming to have this
very setup.

http_port 81
cache_mem 16 MB
cache_dir ufs /home/cache 100 16 256
maximum_object_size 3000 KB
store_avg_object_size 50 KB
cache_mgr proxyadmin@mydomain.com
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on
httpd_accel_host virtualdomain.mydomain.com
httpd_accel_uses_host_header on

acl myservers dst virtualdomain.mydomain.com
acl http protocol http
acl port81 port 81
acl all src 0.0.0.0/0
http_access allow myservers http port81
http_access deny all

In my access log file I see either:
TCP_DENIED/403 -or-
TCP_MISS/403
errors for all requests I've made.

I had questions about the "http_access deny all" but according to what I've
read in the docs, squid will do exactly the opposite of what you specify on
the last line.

Squid is running on my firewall box. It has complete unrestricted access to
the external interface. "virtualdomain.mydomain.com" is defined in
/etc/hosts.

The majority of this configuration file came from examples I found through
google groups or in the docs. I've tried various tweaks & an extra line
here or there, but it never works. I always get "ERROR The requested URL
could not be retrieved" when trying to access this host.

Any ideas *greatly* appreciated.
Received on Tue Nov 06 2001 - 18:29:56 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:55 MST