[squid-users] Problem accessing some sites

From: squid squid <[email protected]>
Date: Mon, 27 Oct 2003 11:21:19 +0800

Hi,

I have just compiled Squid 2.5 Stable 4 and running it on Solaris 8 on an
Intranet environment. However I am having problem accessing sites with URL
like
http://mis3.home.company/inhouse/common/login.asp?goto=/inhouse/leave/Default.asp&fnum.

The error message is as follows:

The requested URL could not be retrieved.
While trying to retrieve the URL:
http://mis3.home.company/inhouse/common/login.asp?
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being alloed at this
time. Pls contact your service provider if you feel this is incorrect.

On the access logfile, I got 403 TCP_DENIED:NONE.

Pls advise what could have gone wrong. Thank you.

My squid.conf is as follows:

# NETWORK OPTIONS
http_port 3128
icp_port 0

# OPTION WHICH AFFECT NEIGHBOUR SELECTION ALGORITHM
cache_peer 123.45.1.30 parent 3128 0 no-query proxy-only
acl query urlpath_regex cgi-bin \?
acl dynamic_contents urlpath_regex \*\.asp
acl dynamic_contents urlpath_regex \*\.jsp
no_cache deny query dynamic_contents

# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 10 MB
maximum_object_size 1024 KB
maximum_object_size_in_memory 1024 KB

# LOGFILE PATHNAMES & CACHE DIRECTORIES
cache_dir ufs /usr/local/squid/var/cache 3000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
pid_filename /usr/local/squid/var/logs/squid.pid
cache_store_log none
emulate_httpd_log on
log_ip_on_direct off
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
debug_options ALL,1
log_fqdn off

# OPTIONS FOR TUNING THE CACHE
request_header_max_size 1 KB
negative_ttl 5 minutes
positive_dns_ttl 30 minutes
negative_dns_ttl 1 minutes

# TIMEOUTS
connect_timeout 120 seconds
peer_connect_timeout 120 seconds
read_timeout 5 minutes
request_timeout 5 minutes
half_closed_clients off
pconn_timeout 15 seconds
shutdown_lifetime 10 seconds

# DEFAULT ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_PORTS port 343 443 7002 8000 9000 15000
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl SSL method CONNECT

# Only allow administrator access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

#Deny CONNECT to other than SSL ports and no direct connection for SSL
http_access deny SSL !SSL_ports
never_direct allow SSL

# Ban on file types and domain
acl BANFILE urlpath_regex \.bmp$ \.mp3$ \.mpg$ \.avi$
acl BANDOMAIN urlpath_regex www .com .net
http_access deny BANFILE
http_access deny BANDOMAIN

# For the cache purge
acl PURGE method purge
http_access allow PURGE localhost
http_access deny PURGE

# Commom application/web servers in local
acl direct-svr dstdomain mis3.home.company
always_direct allow direct-svr

# Commom application/web servers housed remote and access thru' 123.45.1.30
acl remote-svr dst 123.45.1.31
cache_peer_access 123.45.1.30 allow remote-svr
never_direct allow remote-svr

# Allow requests to proxy
http_access allow all

# HTTPD-ACCELERATOR OPTIONS
# For Squid to run as transparent proxy
httpd_accel_uses_host_header on

# ADMINISTRATIVE PARAMETERS
cache_mgr squid@inet.company
cache_effective_user nobody
visible_hostname proxy.inet.company

# MISCELLANEOUS
dns_testnames home.company mis3.home.company
memory_pools off
cachemgr_passwd none all
snmp_port 0
client_db off

_________________________________________________________________
Get 10mb of inbox space with MSN Hotmail Extra Storage
http://join.msn.com/?pgmarket=en-sg
Received on Sun Oct 26 2003 - 20:21:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:41 MST