Re: [squid-users] How to setup squid as http proxy server

From: Tek Bahadur Limbu <[email protected]>
Date: Wed, 31 Oct 2007 12:42:43 +0545

Hi Ying,

ying lcs wrote:
> On 10/31/07, Tek Bahadur Limbu <teklimbu@wlink.com.np> wrote:
>> Hi Ying,
>>
>> ying lcs wrote:
>>> Hi,
>>>
>>> I am able to compile and get squid running on my ubuntu machine.
>>>
>>> However, when I see my proxy setting in my firefox:
>>> Manual proxy configuration:
>>> HTTP Proxy: 127.0.0.1 Port: 3128
>>>
>>> And when when I load 'www.google.com' in my firefox , I get this error page:
>>> The proxy server is refusing connections
>>> Firefox is configured to use a proxy server that is refusing connections.
>>>
>>> * Check the proxy settings to make sure that they are correct.
>>>
>>> * Contact your network administrator to make sure the proxy server is
>>> working.
>>>
>> Are you sure that you are running Squid on port 3128?
>
> Yes, I am sure it is running on 3128. I check the squid access log, I
> see the following:
>
> 1193801812.865 0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.t
> xt - NONE/- text/html
> 1193801816.006 0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.t
> xt - NONE/- text/html
> 1193805983.331 0 127.0.0.1 TCP_DENIED/400 1503 GET www.google.com - NONE/-
> text/html
> 1193806012.286 0 127.0.0.1 TCP_DENIED/403 1394 GET http://www.google.com -
> NONE/- text/html
>
>
>>
>> Or you need to add the following ACL
>>
>> acl localhost src 127.0.0.1/32
>> http_access allow localhost
>>
>> Note: Remember to add it before the "http_access deny all" ACL
>>
>
>
>
> I have these as my ACL (I am just using the defaults in squid 2.6 16):
> Can you please tell me why do I need to add '' acl localhost src 127.0.0.1/32"?
> And I tried 'http://www.google.com' (not just 127.0.0.1/plain.txt) and
> it does not work either.
>
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> # TAG: http_access
> # Allowing or Denying access based on defined access lists
> #
> # Access to the HTTP port:
> # http_access allow|deny [!]aclname ...
> #
> # NOTE on default values:
> #
> # If there are no "access" lines present, the default is to deny
> # the request.
> #
> # If none of the "access" lines cause a match, the default is the
> # opposite of the last line in the list. If the last line was
> # deny, the default is allow. Conversely, if the last line
> # is allow, the default will be deny. For these reasons, it is a
> # good idea to have an "deny all" or "allow all" entry at the end
> # of your access lists to avoid potential confusion.
> #
> #Default:
> # http_access deny all
> #
> #Recommended minimum configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost

http_access allow manager localhost

is NOT THE SAME as

http_access allow localhost

Just add "http_access allow localhost" below your "http_access allow
manager localhost".

It should work after that!

An alternative way is to use the actual IP of your Squid proxy server.
Supposing that your IP of your Squid Proxy is: 192.168.1.1, just use:

Proxy: 192.168.1.1 Port: 3128

in your web browser.

This should work as well.

> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> #
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>
> # Example rule allowing access from your local networks. Adapt
> # to list your (internal) IP networks from where browsing should
> # be allowed
> #acl our_networks src 192.168.1.0/24 192.168.2.0/24
> #http_access allow our_networks
>
> # And finally deny all other access to this proxy
> http_access deny all
>
>
>
>
>
>>> And when I load '127.0.0.1/plain.txt' in my firefox, I get this error message:
>>> ERROR
>>> The requested URL could not be retrieved
>>>
>>> While trying to retrieve the URL: http://127.0.0.1/plain.txt
>>>
>>> The following error was encountered:
>>>
>>> * Access Denied.
>>>
>>> Access control configuration prevents your request from being
>>> allowed at this time. Please contact your service provider if you feel
>>> this is incorrect.
>>>
>>> Your cache administrator is webmaster.
>> Squid is a proxy cache server and not an Apache web server. There is a
>> big difference between them! Apache serves the web pages and Squid
>> fetches those web pages.
>>
>>> Can you please tell me what am I missing in setting up my squid as the
>>> http server?
>> Check out the following sites for more information.
>>
>> (1.) http://wiki.squid-cache.org/FrontPage
>> (2.) http://wiki.squid-cache.org/SquidFaq
>> (3.) http://www.deckle.co.za/squid-users-guide/Main_Page
>>
>>> Thank you.
>> Thanking you...

Thanking you...

>>
>>>
>>>
>>
>> --
>>
>> With best regards and good wishes,
>>
>> Yours sincerely,
>>
>> Tek Bahadur Limbu
>>
>> System Administrator
>>
>> (TAG/TDG Group)
>> Jwl Systems Department
>>
>> Worldlink Communications Pvt. Ltd.
>>
>> Jawalakhel, Nepal
>>
>> http://www.wlink.com.np
>>
>> http://teklimbu.wordpress.com
>>
>
>
>

-- 
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com
Received on Wed Oct 31 2007 - 00:58:04 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT