RE: [squid-users] Accessing a site on a particular port

From: Thompson, Scott \(WA\) <[email protected]>
Date: Fri, 18 Apr 2008 12:18:49 +0800

When I try and add these statements the service wont restart so I assume I missing something simple. Where would I add these statements and do I need to modify the white.list file in anyway?

Here is a copy of the squid.conf file

# note if one network card, can drop [ip_of_first_nic]:
http_port 80
# note if only one network card, can drop next line
hierarchy_stoplist cgi-bin ?
cache_mem 4 MB
cache_swap_low 85
cache_swap_high 90
# note read the config file about this and adjust it
# to what your disk(s) can do, and allow for log files
cache_dir ufs /var/spool/squid 200 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# note: you may need to increase children based on your number of users
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 220
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minute
auth_param ntlm use_ntlm_negotiate on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour

# only need this if you want to use Windows Domain Groups for acl(s)
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_grou
p.pl

acl all src 0.0.0.0/0.0.0.0
acl Java browser Java/1.5.0_01
acl java_jvm browser Java/1.5.0_01
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl FTP proto FTP
# blockads is optional for this config
# Things never to cache
# Enable this if you don't want any caching
#no_cache deny all

acl Proxy external nt_group ProxyUsers
acl PowerProxy external nt_group ProxyPowerUsers
acl White url_regex "/etc/squid/white.list"
acl Denied url_regex -i "/etc/squid/denied.list"
acl Refuse url_regex -i "/etc/squid/refuse.list"
acl ATO dstdomain eci.ato.gov.au pki.ato.gov.au
no_cache deny QUERY
always_direct allow FTP
always_direct allow localhost
always_direct allow ATO

# SNMP for MRTG statemnets
snmp_port 161
acl snmppublic snmp_community public
acl JavaScript browser application/x-javascript
snmp_access allow snmppublic all
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0

# ACL List of Allow or Deny and the order they flow
http_access allow White
http_access deny Denied
http_access allow PowerProxy
http_access deny Refuse
http_access allow Proxy
http_access allow ATO
http_access allow manager
http_access deny all

# blockads is optional for this config
http_reply_access allow all

cache_effective_user squid
cache_effective_group squid

# I have very little RAM, so I set this off. YMMV
memory_pools off
forwarded_for on
error_directory /etc/squid/errors
coredump_dir /var/spool/squid

# note 33,2 lets you see which acl allowed or denied
debug_options ALL,1 33,2
https_port 80

Cheers,
Scott

-----Original Message-----
From: ����������� ������� [mailto:kabiolskiy@prima.susu.ac.ru]
Sent: Friday, 18 April 2008 12:03 PM
To: Thompson, Scott (WA); squid-users@squid-cache.org
Subject: Re: [squid-users] Accessing a site on a particular port

Thompson, Scott (WA) �����:
> Hi all
> I am trying to get some systems to access a site for webmail access on
> port 2095
> I have added the site in the white.list and as a result I can access the
> sites front page, but if I specify /webmail (eg site.com/webmail) it
> redirects it to port 2095 which I then can't access
> Is there anyway I can get the http requests to access the site in
> question on Port 2095?
> Does the white.list support ports in the list?
> All my users authenticate against AD but these users in question are
> Linux boxes running Mozila and I don't want them to authenticate for
> this site, I just want straight thru access
>
> Here is part of the squid.conf file
>
> <---snip--->
> # ACL List of Allow or Deny and the order they flow
> http_access allow White
> http_access deny Denied
> http_access allow PowerProxy
> http_access deny Refuse
> http_access allow Proxy
> http_access allow ATO
> http_access allow manager
> http_access deny all
>
>
>
> Cheers,
> Scott
>
>
acl webmail Port 2095
http_access allow White webmail
Received on Tue Apr 22 2008 - 15:05:41 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT