Re: [squid-users] apache locked.

From: Andry Yudianto <[email protected]>
Date: Mon, 21 Jun 2004 11:06:26 +0700

I'm sorry I'm late in responding; I'm traveling to another city.
But I found the problem. It seems I was wrong in defining the ipchains rules:

all connections are entering squid :)

ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128
=replace with=
ipchains -A input -s 192.168.2.0/24 -p TCP -d any/0 www -j REDIRECT 3128

Now my apache works again :)

History of my squid:

ip 192.168.2.1-192.168.2.10 = belongs to ictnetwork (can access anywhere)
ip 192.168.2.20-192.168.2.55 = belongs to amcor network (can only access
ebsco=epnet.com and 3 webservers located locally)

Thanks again to Muthukumar :)

----- Original Message -----
From: "Muthukumar" <kmuthu_gct@hotmail.com>
To: "Andry Yudianto" <andre@ictserver.digitcell.com>;
<squid-users@squid-cache.org>
Sent: Thursday, June 17, 2004 2:28 PM
Subject: Re: [squid-users] apache locked.

>
> > I run squid on my PC, which acts as a gateway, and also run a webserver on it. After I
> > had a problem with ipchains rules for restricting my PC on the network, I'm using
> > acl for restricting. But right now my webserver is locked; it can't be accessed
> > from outside. Did I make a mistake in squid.conf?
>
> Let's look into the squid.conf.
>
>
> > And I also need an example
> > acl to block some sites that contain xxx, porn, babes etc.
> >
>
> Create an acl with dstdom_regex as
> acl blocksite dstdom_regex -i xxx porn babes
>
> where -i is used to ignore uppercase/lowercase distinctions during comparisons.
>
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern . 0 20% 4320
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl ictnetwork src 192.168.2.2 192.168.2.3 192.168.2.4 192.168.2.5
> > 192.168.2.29 192.168.2.30
> > acl amcorpc src 192.168.2.21 192.168.2.22 192.168.2.23 192.168.2.24
>
> If you use the src acl, use the netmask with the ip-address. We can use
> the limit of ip-address in your situation, like
>
> acl ictnetwork src 192.168.2.2-192.168.2.5/32 192.168.2.29-192.168.2.30/32
> acl amcorpc src 192.168.2.21-192.168.2.24/32
>
>
> > acl to_localhost dst 127.0.0.0/8
> > acl SSL_ports port 443 563
> > acl Safe_ports port 80
> > acl Safe_ports port 21
> > acl Safe_ports port 443 563
> > acl Safe_ports port 70
> > acl Safe_ports port 210
> > acl Safe_ports port 1025-65535
> > acl Safe_ports port 280
> > acl Safe_ports port 488
> > acl Safe_ports port 591
> > acl Safe_ports port 777
> > acl CONNECT method CONNECT
>
> These are all default settings.
>
> > acl local dstdomain "allowedhost"
> > acl localip dst "allowedip"
>
> What are the contents of the allowedhost, allowedip files and their
> locations?
>
> > acl ebsco dstdom_regex epnet.com
>
> If you want to set the acl for the *.epnet.com domain, use dstdomain itself as
> acl ebsco dstdomain .epnet.com
>
>
> > http_access allow manager localhost
> > http_access allow ictnetwork
> > http_access allow amcorpc local
> > http_access allow amcorpc localip
> > http_access allow amcorpc ebsco
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost
> > http_access deny all
> >
>
> What is your requirement to set the http_access? It is good to validate
> your settings.
>
> Regards,
> Muthukumar.
Received on Sun Jun 20 2004 - 22:05:33 MDT
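
Added example, not part of the original messages or of Squid/ipchains: a small Python model of why the REDIRECT rule without `-s` sent outside visitors of the webserver into Squid, where the quoted `http_access` lines end in `deny all`, and why adding `-s 192.168.2.0/24` restores direct access to Apache. Assumptions: the quoted squid.conf is the running configuration; the `manager`, `Safe_ports`, `CONNECT`, `local` and `localip` lines are left out (the contents of the `allowedhost` and `allowedip` files are not on the page); `203.0.113.7` and `gateway.example` are constructed sample values.

```python
import ipaddress

# The two ipchains input rules from the message, reduced to the fields that matter here.
OLD_RULE = {"src": "0.0.0.0/0", "dport": 80, "redirect": 3128}       # no -s: any source
NEW_RULE = {"src": "192.168.2.0/24", "dport": 80, "redirect": 3128}  # -s 192.168.2.0/24

def last_octets(lo, hi):
    """Addresses 192.168.2.<lo> through 192.168.2.<hi>, inclusive."""
    return {ipaddress.ip_address(f"192.168.2.{n}") for n in range(lo, hi + 1)}

# src ACLs as listed in the quoted squid.conf.
ICTNETWORK = last_octets(2, 5) | last_octets(29, 30)
AMCORPC = last_octets(21, 24)
LOCALHOST = ipaddress.ip_address("127.0.0.1")

def local_port(rule, src_ip, dport=80):
    """Local port a TCP packet is delivered to after the REDIRECT rule is applied."""
    src = ipaddress.ip_address(src_ip)
    if src in ipaddress.ip_network(rule["src"]) and dport == rule["dport"]:
        return rule["redirect"]
    return dport

def http_access(src_ip, host):
    """First-match walk over a subset of the quoted http_access lines."""
    src = ipaddress.ip_address(src_ip)
    ebsco = host == "epnet.com" or host.endswith(".epnet.com")
    rules = [
        ("allow", src in ICTNETWORK),         # http_access allow ictnetwork
        ("allow", src in AMCORPC and ebsco),  # http_access allow amcorpc ebsco
        ("allow", src == LOCALHOST),          # http_access allow localhost
        ("deny", True),                       # http_access deny all
    ]
    return next(action for action, matched in rules if matched)

def outcome(rule, src_ip, host):
    """Where a port-80 request lands on the gateway, plus Squid's verdict if it gets there."""
    if local_port(rule, src_ip) == rule["redirect"]:
        return "squid:" + http_access(src_ip, host)
    return "apache"

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed outside client (documentation address range)
    for name, rule in (("old", OLD_RULE), ("new", NEW_RULE)):
        print(name, outside, outcome(rule, outside, "gateway.example"))
        print(name, "192.168.2.22", outcome(rule, "192.168.2.22", "www.epnet.com"))
```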
