[squid-users] Help Regarding Squid

From: Pankaj Agarwal <[email protected]>
Date: Sat, 26 Feb 2005 21:47:10 +0530

Hi,

I am facing a very strange problem with squid. Users in my LAN are not able
to connect to some of the HTTPS sites. On that particular sites it keeps on
asking for username and password.... but if I configure the client to direct
access ..then I gives the webpage and asks for user name and password in
html page...

Any input to resolve this problem is welcomed.... Kindly help

Thanks and Regards,

Pankaj Agarwal

Note: I'm enclosing my squid.conf and ipchains.conf below

####################################################################
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
####################################################################

# ipchains.conf

/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ

# input chain:
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -A input -p tcp -s 61.11.104.0/24 -d 127.0.0.1/32 80 -j
ACCEPT
/sbin/ipchains -A input -p tcp -s 220.227.153.48/28 -d 127.0.0.1/32 80 -j
ACCEPT

/sbin/ipchains -A input -p tcp -s 61.11.104.0/24 -d 61.11.104.63/32 80 -j
ACCEPT
/sbin/ipchains -A input -p tcp -s 220.227.153.48/28 -d 220.227.153.61/32
80 -j ACCEPT

/sbin/ipchains -A input -p tcp -s 61.11.104.0/24 -d 192.168.2.5/32 80 -j
ACCEPT
/sbin/ipchains -A input -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 80 -j
REDIRECT 3128

# output chain:
/sbin/ipchains -P output ACCEPT

# forward chain:
/sbin/ipchains -P forward ACCEPT
########################################################################
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
########################################################################

SQUID ACL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
acl all src 0.0.0.0/0.0.0.0
acl SSL_Ports port 443 563
acl Safe_Ports port 80
acl Safe_Ports port 21
acl Safe_Ports port 443 563
acl CONNECT method CONNECT
acl special src "/home/users/admin/content_filter/specialip.txt"
acl lan src 192.168.2.0/255.255.255.0
acl blockcontent url_regex -i
"/home/users/admin/content_filter/blockedword.txt"
acl denyfiletype url_regex -i "/home/users/admin/content_filter/fileext.txt"

http_access deny !Safe_Ports
http_access deny CONNECT !SSL_Ports
http_access allow special
http_access deny blockcontent
http_access deny denyfiletype
http_access allow lan
http_access deny all
Received on Sat Feb 26 2005 - 09:17:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST