Wrong ports denied as SSL_ports


Hi

I have an Ubuntu Feisty box running squid:
ii  squid          2.6.5-4ubuntu2 Internet Object Cache (WWW proxy cache)

And I get these non-SSL ports denied as SSL ports:

<snip>
2007/06/10 22:07:37| aclCheck: checking 'http_access deny CONNECT
!SSL_ports'
2007/06/10 22:07:37| aclMatchAclList: checking CONNECT
2007/06/10 22:07:37| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2007/06/10 22:07:37| aclMatchAclList: checking !SSL_ports
2007/06/10 22:07:37| aclMatchAcl: checking 'acl SSL_ports port 443 563
# https, snews'
2007/06/10 22:07:37| aclMatchAclList: returning 1
2007/06/10 22:07:37| aclCheck: match found, returning 0
2007/06/10 22:07:37| cbdataUnlock: 0x82adec0
2007/06/10 22:07:37| aclCheckCallback: answer=0
2007/06/10 22:07:37| cbdataValid: 0x85e0b50
2007/06/10 22:07:37| The request CONNECT 209.204.61.7:4000 is DENIED,
because it matched 'SSL_ports'
2007/06/10 22:07:37| Access Denied: 209.204.61.7:4000
2007/06/10 22:07:37| AclMatchedName = SSL_ports
2007/06/10 22:07:37| Proxy Auth Message = <null>
2007/06/10 22:07:37| storeCreateEntry: '209.204.61.7:4000'
2007/06/10 22:07:37| new_MemObject: returning 0x8ce8a68
</snip>

Other ports are in the range 1025-6000 and are getting the same problem.
My squid.conf below. Any tips appreciated.

0 root@kontiki:/etc/squid#grep -v ^\# squid.conf|grep .
http_port 10.0.0.1:3128 transparent
http_port 127.0.0.1:3128
cache_peer proxy.aims.ac.za       parent    3128 0 no-query 
cache_peer_domain proxy.aims.ac.za      !.aims.ac.za
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
debug_options ALL,1
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563      # https, snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl our_networks src 10.0.0.0/8
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname kontiki.aims.ac.za
forwarded_for off
acl aims dstdomain .aims.ac.za
no_cache deny aims
always_direct allow aims
acl kontiki dst 10.0.0.1/32
no_cache deny kontiki
always_direct allow kontiki
never_direct allow all
coredump_dir /var/spool/squid

regards,
Jan

-- 
   .~.
   /V\     Jan Groenewald
  /( )\    www.aims.ac.za
  ^^-^^
