Re: [squid-users] Can't log in to redirected server

Hi again,

just to clarify my situation a little further. Traffic flows like this:

Internet -> router (203.96.59.39) -> squid box (203.96.63.240) ->
destination server (10.10.10.148).

The weird thing is that the access log error shows the squid box's IP
for the POST when I try to log in, not the router address like the rest
of the traffic.

Could someone tell me if they have a method for deriving rules based on
access.log entries? That is, if the access log says:

1110344006.301      0 203.96.63.240 TCP_DENIED/403 1480 POST http://www.public.domain/user/login - NONE/- text/html

Can a rule that permits this particular traffic be derived?

Once again, your help will be appreciated! I know it adds to bloat, but
here are my config files sans comments and empty lines:

squid.conf:
http_port 80 
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_dir null /tmp
hosts_file /etc/hosts
redirect_program /usr/lib/squid/jesred
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563	# https, snews
acl SSL_ports port 873		# rsync
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 631		# cups
acl Safe_ports port 873		# rsync
acl Safe_ports port 901		# SWAT
no_cache deny all
acl my_site dstdomain .public.domain
acl purge method PURGE
acl CONNECT method CONNECT 
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow my_site
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr sysadmin_email
visible_hostname squid.internal.cwa.co.nz
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid

jesred.conf:
allow = /etc/jesred.acl
rules = /etc/jesred.rules
redirect_log = /var/log/squid/jesred-redirect.log
rewrite_log = /var/log/squid/jesred-rewrite.log

jesred.acl:
0.0.0.0/0

jesred.rules:
regexi ^http://www.public.domain/(.*) http://www.internal.server\1

/etc/hosts:
127.0.0.1       localhost.localdomain   localhost
10.10.10.162    squid   squid.internal.cwa.co.nz

The squid box has no public domain name. Thanks for reading!

Regards,
Paul

On Wed, 2005-03-09 at 18:18 +1300, Paul Dorman wrote:
> Hello everyone,
> 
> I've been trying to solve this problem for several hours now (you know
> what that's like) without any progress.
> 
> I've set up squid in accelerator mode to redirect traffic to a number of
> internal servers. I'm using jesred to do the redirection.
> 
> In the following description various strings have been replaced to
> protect the identity of the site (we don't want people using it just
> yet :o)  )
> 
> I have an acl as follows:
> 
> acl my_site dstdomain .public.domain
> http_access allow my_site
> 
> Jesred is configured as follows:
> 
> In jesred.acl I just have:
> 
>  0.0.0.0/0
> 
> to rewrite all URLs from all sources.
> 
> In jesred.rules I have:
> regexi ^http://www.public.domain/(.*) http://internal.server/\1
> 
> I can browse the server without any issue, but if I try to log in I get:
> 
> 1110344004.115    997 203.96.59.39 TCP_MISS/404 7336 GET
> http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
> 1110344006.301      0 203.96.63.240 TCP_DENIED/403 1480 POST
> http://www.public.domain/user/login - NONE/- text/html
> 1110344006.301      2 203.96.59.39 TCP_MISS/403 1580 POST
> http://www.public.domain/user/login - DIRECT/<external address>
> text/html
> 1110344007.305   1003 203.96.59.39 TCP_MISS/404 7336 GET
> http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
> 
> So Squid is denying POST attempts. I've tried all sorts of things but
> always have the same result.
> 
> What am I missing here? I can't see anything about this mentioned in
> FAQs or on Google, but I'm sure it's something really simple I've
> missed.
> 
> Your help will be greatly appreciated!
> 
> Cheers,
> Paul
> 
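
Added example, not part of the original post and not Squid's own code: a small parser for the native access.log format quoted above. It pulls out of each TCP_DENIED entry the values that `src`, `method`, `dstdomain` and `port` ACLs are tested against, and lists other entries for the same method and URL within half a second. The function names, the `window` parameter and the `EXTERNAL_ADDR` placeholder are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)")

# The four entries from the post, unwrapped. EXTERNAL_ADDR is a placeholder
# for the address the poster redacted as "<external address>".
SAMPLE = """\
1110344004.115    997 203.96.59.39 TCP_MISS/404 7336 GET http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
1110344006.301      0 203.96.63.240 TCP_DENIED/403 1480 POST http://www.public.domain/user/login - NONE/- text/html
1110344006.301      2 203.96.59.39 TCP_MISS/403 1580 POST http://www.public.domain/user/login - DIRECT/EXTERNAL_ADDR text/html
1110344007.305   1003 203.96.59.39 TCP_MISS/404 7336 GET http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
""".splitlines()

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # wrapped or truncated line: skip rather than guess
    e = m.groupdict()
    e["ts"] = float(e["ts"])
    if "://" in e["url"]:
        u = urlsplit(e["url"])
        e["host"], e["port"] = u.hostname, u.port or {"http": 80, "https": 443}.get(u.scheme)
    else:  # CONNECT requests are logged as host:port
        host, _, port = e["url"].partition(":")
        e["host"], e["port"] = host, int(port) if port.isdigit() else None
    return e

def denied_with_context(lines, window=0.5):
    """For each TCP_DENIED entry, return the values src/method/dstdomain/port
    ACLs are tested against, plus same-request entries within `window` seconds."""
    entries = [e for e in map(parse, lines) if e]
    report = []
    for d in entries:
        if d["code"] != "TCP_DENIED":
            continue
        related = [(e["client"], e["hier"], e["peer"]) for e in entries
                   if e is not d and (e["method"], e["url"]) == (d["method"], d["url"])
                   and abs(e["ts"] - d["ts"]) <= window]
        report.append({"src": d["client"], "method": d["method"],
                       "dstdomain": d["host"], "port": d["port"], "related": related})
    return report

if __name__ == "__main__":
    for r in denied_with_context(SAMPLE):
        print(r)
```

On the sample it reports one denied request (src 203.96.63.240, POST, www.public.domain, port 80) and pairs it with the POST from 203.96.59.39 that was forwarded DIRECT at the same timestamp.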