Agree with you on the meat of the problem. But being an ISP handling millions of sites everyday with multiple squids having the same config, it is highly unlikely that it is due to the acl list. It is just this site. Anyway I've checked and found nothing that is likely to be the problem. Can someone surf to this site by pointing your browser to your squid box and let me know your result? Thanks. ------------------------------ #3 access list files acl TP src "/usr/local/squid-2.5.STABLE10-20050725/etc/TPsrc.acl" acl SDeny src "/usr/local/squid-2.5.STABLE10-20050725/etc/deny.acl" acl SAllow src "/usr/local/squid-2.5.STABLE10-20050725/etc/allow.acl" #4 banned list files acl SBA dstdomain "/usr/local/squid-2.5.STABLE10-20050725/etc/SBA.txt" #acl SBA2 dst "/usr/local/squid-2.5.STABLE10-20050725/etc/SBA2.txt" acl SBA3 url_regex "/usr/local/squid-2.5.STABLE10-20050725/etc/SBA3.txt" acl CNB dstdomain "/usr/local/squid-2.5.STABLE10-20050725/etc/CNB.txt" acl CNB2 url_regex "/usr/local/squid-2.5.STABLE10-20050725/etc/CNB2.txt" acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 81 442 443 444 447 563 2425 8080 8443 9920 acl Danger_ports port 23 25 79 110 111 512 514 540 acl CONNECT method CONNECT acl Gopher proto Gopher http_access deny Gopher http_access deny Danger_ports http_access deny CONNECT !SSL_ports http_access deny SDeny http_access deny SBA #http_access deny SBA2 http_access deny SBA3 http_access deny CNB http_access deny CNB2 http_access allow SAllow http_access allow TP http_access deny all http_reply_access allow all -------------------------- Regards, Tay --- Chris Robertson <crobertson@xxxxxxx> wrote: > > > On 9/7/05, Tay Teck Wee > <wolfpacks01@xxxxxxxxxxxx> > > > wrote: > > > > Hi all, > > > > > > > > using squid, I am unable to access > > > www.evangel.org.sg > > > > but using NetCaches, there is no problem. > > > > > > > > Squid log entry: > > > > 1126063099.644 63 165.21.88.31 > TCP_MISS/403 > > > 606 > > > > GET http://www.evangel.org.sg/ - > > > DIRECT/203.127.19.66 > > > > text/html > > > > > > > > > > > --- Mark Elsen <mark.elsen@xxxxxxxxx> wrote: > > > > > > Http 403 means : forbidden. > > > > > > Does it work , from a browser on the squid box > > > (e.g.) > > > > > > M. > > > > > > > -----Original Message----- > > From: Tay Teck Wee > [mailto:wolfpacks01@xxxxxxxxxxxx] > > Sent: Wednesday, September 07, 2005 12:02 AM > > To: Mark Elsen > > Cc: squid-users@xxxxxxxxxxxxxxx > > Subject: Re: strange problem with > www.evangel.org.sg > > > > > > The only installed browser is lynx. No problem > with > > that. > > > > Also did this: > > [squid]$telnet evangel.org.sg 80 > > Trying 203.127.19.66... > > Connected to evangel.org.sg (203.127.19.66). > > Escape character is '^]'. > > GET /index.html HTTP/1.0 > > > > HTTP/1.1 200 OK > > Date: Wed, 07 Sep 2005 07:55:50 GMT > > Server: Apache/2.0.49 (Unix) DAV/2 > mod_fastcgi/2.4.2 > > mod_ssl/2.0.49 OpenSSL/0.9.6i > > ETag: "1d240-25f6-e7d24a80" > > Accept-Ranges: bytes > > Last-Modified: Wed, 07 Sep 2005 06:39:40 GMT > > Content-Length: 9724 > > Content-Type: text/html; charset=ISO-8859-1 > > ETag: "1d240-25fc-cf182300" > > Accept-Ranges: bytes > > Connection: close > > [truncated] > > > > I think the webserver is directing me to some > > directory which should not be accessed(using > > http://www.evangel.org.sg). Thus the reason for > the > > 403 error. But why is this happening only to Squid > and > > not to NetCaches? But when using just the IP > > address(203.127.19.66) or w/o the www(as in > > http://evangel.org.sg), its ok. > > > > Regards, > > Tay > > > > The whole thread about this webserver being broken > is a red herring. The meat of the problem is Squid > can surf to this site via the IP address, or the > FQDN without the www. Read up on ACLs > (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html), > use the debugging options and see what that tells > you. I'd have to guess the problem lies with your > squid.conf. > > Chris > __________________________________ Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather http://asia.yahoo.com/meetic
