RE: [squid-users] Squid & FTP

From: Greg Darby <[email protected]>
Date: Fri, 24 Oct 2003 09:51:19 +0930

Hi,

Here are my rules....

acl all src 0.0.0.0 0.0.0.0
acl manager proto cache_object
acl FTP proto FTP
acl localhost src 127.0.0.1/255.255.255.255
acl manstaff src 192.168.10.5 192.168.10.13 192.168.10.25
acl ftpaccess src 192.168.10.5 192.168.10.18
acl panorama src 192.168.10.0/255.255.255.0
acl allowzip urlpath_regex -i \.mp3$ \.mov$ \.mpeg$
acl nomp3 urlpath_regex -i \.mp3$ \.mov$ \.mpeg$ \.zip$
acl SSL_ports port 443 563
acl Safe_ports port 80 81 82 8000
acl Safe_ports port 21
acl Safe_ports port 443 563
acl CONNECT method CONNECT

http_access deny FTP
http_access allow FTP ftpaccess
http_access deny allowzip
http_access allow manstaff
http_access deny nomp3
http_access allow localhost
http_access allow panorama
http_access deny all

As my rules show there are relaxed restrictions on some hosts but the
majority face the ACL's.. I don't understand why but all i need is for IP's
192.168.10.5 & 192.168.10.18 to have ftp access and all other hosts denied
this.

Can you pls help?

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, 24 October 2003 2:47 AM
To: Greg Darby
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid & FTP

On Thu, 23 Oct 2003, Greg Darby wrote:

> This is the message shown..
>
> Access control configuration prevents your request from being allowed at
> this time. Please contact your service provider if you feel this is
> incorrect.
>
> Generated Thu, 23 Oct 2003 10:13:35 GMT by proxy.cache.???????.com.au
> (Squid/2.4.STABLE6)

Then the request is denied by your http_access rules.

The default http_access rules does not deny requests for ftp:// URLs, so
it is hard for us to say why your rules denies the requests witout knowing
your rules..

Regards
Henrik

Disclaimer :
This email and it's attachments are confidential. If you are not the intended recipient you must not disclose, distribute or re-produce any of it's contents as it may be a breach of confidentiality. If you have received this message in error, please advise us immediatley by return email and delete the entire document. Ramelec Pty Ltd cannot guarantee the security of any information electronically transmitted across the Internet. Ramelec Pty Ltd does not accept responsibility for improper or incomplete information within this message, any delay in it's receipt and that this message is free of any known Virus. The address from which this email has been sent is strictly intended for business email only and Ramelec Pty Ltd reserves the right to monitor / alter it's contents at it's discretion.

This message has been scanned for the prescence of known Virus's by Gordano's GMS Virus Protection Package.
Received on Thu Oct 23 2003 - 18:22:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:38 MST