
Re: ACL rules allow localhost, but I still get an Access Denied in transparent setup...


 



On Mon, 30 Jul 2007 15:56:11 +0200
Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:

> > The weird thing is, if I manually configure Firefox to access the
> > Web via localhost:3128, it works fine, no matter whether I use the
> > "transparent" keyword or not. The ACL rule that allows localhost is
> > in effect in this case, since if I change  
> 
> It's not so strange. When intercepted the source ip for the request is
> your real IP, not localhost...

That's what I thought...

> > However, adding a rule like this:
> > 
> > acl ME src 1.2.3.4
> > http_access allow ME
> > 
> > doesn't help at all.  
> 
> Make sure you add it before the "deny all".. http_access rules are
> order sensitive..

Thanks for your suggestion, but like I said, still no luck.

access.log sample when trying to access google.com:
1185804381.874      0 192.144.46.78 TCP_DENIED/403 1450 GET http://www.google.com/ - NONE/- text/html
1185804381.950     92 192.144.46.78 TCP_MISS/403 1598 GET http://www.google.com/ - DIRECT/64.233.183.147 text/html

(assuming 192.144.46.78 is my IP -- it's not, of course)

The ACL rule in the squid.conf is definitely before the "http_access
deny all" line:

-----------------------------------------------------------
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl ME src 192.144.46.78
http_access allow ME

# Example rule allowing access from your local networks. Adapt 
# to list your (internal) IP networks from where browsing should
# be allowed 
#acl our_networks src 192.168.1.0/24 192.168.2.0/24 
#http_access allow our_networks 

http_access allow localhost 

# And finally deny all other access to this proxy
http_access deny all
-----------------------------------------------------------

Any other ideas?

Andrei

PS: By the way, I just put 

debug_options ALL,1 33,2

into the config, and now the cache log says:

2007/07/30 17:22:20| The reply for GET http://www.google.com/ is ALLOWED, because it matched 'QUERY'
2007/07/30 17:22:25| The request GET http://www.google.com:80/ is ALLOWED, because it matched 'ME'

...while the access.log still says access denied, and so does the
browser! How come?

I also noticed that cache log has this warning:
2007/07/30 13:23:36| WARNING: Forwarding loop detected
for: Client: 192.144.46.78 http_port: 69.65.107.188:80

Could this warning be related to the problem I'm having?
