Re: [squid-users] ACL Problems

From: Kelly <[email protected]>
Date: Tue, 6 Nov 2001 21:00:46 -0500

> http_port 81
> cache_mem 16 MB
> cache_dir ufs /home/cache 100 16 256
> maximum_object_size 3000 KB
> store_avg_object_size 50 KB
> cache_mgr proxyadmin@mydomain.com
> cache_effective_user squid
> cache_effective_group squid
> log_icp_queries off
> buffered_logs on
> httpd_accel_host virtualdomain.mydomain.com
> httpd_accel_uses_host_header on
>
> acl myservers dst virtualdomain.mydomain.com
> acl http protocol http
> acl port81 port 81
> acl all src 0.0.0.0/0
> http_access allow myservers http port81
> http_access deny all
>
> In my access log file I see either:
> TCP_DENIED/403 -or-
> TCP_MISS/403
> errors for all requests I've made.
>

I *may* have at least figured out what the problem is...

virtualdomain.mydomain.com is defined in the zone file for mydomain.com -
points to the public address. It is also defined in /etc/hosts, where it
points to the real IP of the web server.

Is squid just looping on me? Trying to pull something from the firewall
when there's obviously nothing there for it to get? I've seen no entries in
the access log on the web server, but I had been assuming that was because
the requests weren't going through (due to improper squid configuration).

If this is the problem, I'm worried. From what I've read over the past week
it seems as if squid has real problems pulling info from /etc/hosts as
opposed to the zone file. You at least have to compile with extra
arguments, which I didn't do, and even then it seems like I've seen a lot of
people writing saying they were having problems accessing the hosts file.

If this is the problem, is there a quick & dirty way to make squid read from
/etc/hosts instead of DNS?

Thanks.
Received on Tue Nov 06 2001 - 18:59:57 MST
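
A way to check the situation the message describes, where one name has a public address in DNS and a different, internal address in /etc/hosts. This is an added example, not part of the original post and not Squid code; the IP addresses, the hosts-file text, and the function names `parse_hosts` and `check_origin` are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the post).
HOSTS_TEXT = """\
127.0.0.1   localhost
# real web server behind the firewall
192.0.2.10  virtualdomain.mydomain.com  www-internal
"""
DNS_ANSWERS = {"virtualdomain.mydomain.com": ["203.0.113.5"]}  # zone-file view
PROXY_ADDRS = {"203.0.113.5", "127.0.0.1"}  # addresses owned by the proxy host


def parse_hosts(text):
    """Map each lower-cased name in hosts-file text to its list of addresses."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def check_origin(name, hosts, dns, proxy_addrs, use_hosts):
    """Report where a forwarded request for `name` would be sent.

    use_hosts models whether the lookup consults the hosts file before DNS
    (an assumption of this example, set by the caller).
    """
    name = name.lower().rstrip(".")
    from_hosts = hosts.get(name, [])
    from_dns = dns.get(name, [])
    chosen = from_hosts if (use_hosts and from_hosts) else from_dns
    return {
        "chosen": chosen,
        # the two sources disagree about this name
        "split_view": bool(from_hosts and from_dns)
        and set(from_hosts) != set(from_dns),
        # the forward target is the proxy itself, so the request would loop
        "loops_to_proxy": any(a in proxy_addrs for a in chosen),
    }
```

With the sample data, a DNS-only lookup selects the public address and is flagged as looping back to the proxy, while a hosts-first lookup selects the internal web server.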

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:55 MST