RE: [squid-users] Secure site access blocked?

From: Neil Loffhagen <[email protected]>
Date: Tue, 19 Apr 2005 12:41:32 -0000

Did as you suggested and it does stop the warning message. As you said,
there was already an acl all src 0.0.0.0/0.0.0.0 line in the squid.conf
file. However, even before I had changed that, I had started getting very
slow responses from mainly secure sites, but also some others. When I
looked in the cache.log I see the following:

2005/04/19 13:32:23| always_direct = 0
2005/04/19 13:32:23| never_direct = 1
2005/04/19 13:32:23| timedout = 0

Having the always_direct and the never_direct seem to contradict each
other?

Neil.

-----Original Message-----
From: Neil A. Hillard [mailto:hillardn@whl.co.uk]
Sent: 19 April 2005 13:19
To: Neil Loffhagen
Cc: Kashif Ali Bukhari; squid-users@squid-cache.org
Subject: Re: [squid-users] Secure site access blocked?

Neil Loffhagen wrote:
>> From: Kashif Ali Bukhari [mailto:kbukhari@gmail.com]
>> Sent: 19 April 2005 10:24
>> To: Neil Loffhagen
>> Subject: Re: [squid-users] Secure site access blocked?
>>
>> it means you are working behind a firewall / blocking 443 port use
>> cache peer like
>>
>> cache_peer www-cache.server.co.uk parent 80 0 default no-query
>> acl all src 0.0.0.0/0.0.0.0
>> never_direct allow all
> Thanks, that worked okay. But now I get the following on starting
> Squid:
>
> Shutting down WWW-proxy squid 2005/04/19 10:41:32| WARNING:
> '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
> 2005/04/19 10:41:32| WARNING: because of this '0.0.0.0/0.0.0.0' is
> ignored to keep splay tree searching predictable
> 2005/04/19 10:41:32| WARNING: You should probably remove
> '0.0.0.0/0.0.0.0' from the ACL named 'all'
>
> This seems to mean I should not have the acl all src 0.0.0.0/0.0.0.0
> line?
>
> Could I put our local LAN IP range there or would that not be
> correct?

I reckon that you already have the 'all' ACL declared (it's part
of the stock .conf file), so you're duplicating an entry, which squid isn't
happy about. Remove the following line:

acl all src 0.0.0.0/0.0.0.0

that you just added and fingers crossed.

HTH,

                                Neil.

-- 
Neil Hillard                    hillardn@whl.co.uk
Westland Helicopters Ltd.       http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
             views of Westland Helicopters Ltd.
Received on Tue Apr 19 2005 - 06:41:36 MDT
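
An added example, not part of the original thread: a small Python check for the condition behind the warning quoted above, where a second `acl all src` line repeats a value the ACL of that name already holds. The function names and the sample configuration are constructed for illustration, and only plain address or address/mask values are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a stock 'all' ACL plus the line re-added with cache_peer.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow all
cache_peer www-cache.server.co.uk parent 80 0 default no-query
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
"""

def parse_src_acls(conf_text):
    """Return {acl_name: [(line_no, network), ...]} for 'acl NAME src ...' lines."""
    acls = defaultdict(list)
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for value in fields[3:]:
            try:
                # strict=False tolerates host bits; netmask notation is accepted.
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # address ranges and file includes are out of scope here
            acls[fields[1]].append((line_no, net))
    return acls

def find_overlaps(conf_text):
    """List (acl_name, line, net, earlier_line, earlier_net) for every value that
    duplicates or overlaps an earlier value of the same ACL name."""
    findings = []
    for name, entries in parse_src_acls(conf_text).items():
        for i, (line_no, net) in enumerate(entries):
            for prev_line, prev_net in entries[:i]:
                if net.version == prev_net.version and net.overlaps(prev_net):
                    findings.append((name, line_no, net, prev_line, prev_net))
    return findings

if __name__ == "__main__":
    for name, line_no, net, prev_line, prev_net in find_overlaps(SAMPLE_CONF):
        print(f"line {line_no}: acl {name} {net} overlaps line {prev_line} ({prev_net})")
```

Values given across several `acl` lines with the same name are accumulated into one ACL, which is why the repeated line is flagged rather than treated as a redefinition.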
