Hi Ying,
ying lcs wrote:
On 10/31/07, Tek Bahadur Limbu <teklimbu@xxxxxxxxxxxx> wrote:
Hi Ying,
ying lcs wrote:
Hi,
I am able to compile and get squid running on my ubuntu machine.
However, when I see my proxy setting in my firefox:
Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 3128
And when when I load 'www.google.com' in my firefox , I get this error page:
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.
* Check the proxy settings to make sure that they are correct.
* Contact your network administrator to make sure the proxy server is
working.
Are you sure that you are running Squid on port 3128?
Yes, I am sure it is running on 3128. I check the squid access log, I
see the following:
1193801812.865 0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.t
xt - NONE/- text/html
1193801816.006 0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.t
xt - NONE/- text/html
1193805983.331 0 127.0.0.1 TCP_DENIED/400 1503 GET www.google.com - NONE/-
text/html
1193806012.286 0 127.0.0.1 TCP_DENIED/403 1394 GET http://www.google.com -
NONE/- text/html
Or you need to add the following ACL
acl localhost src 127.0.0.1/32
http_access allow localhost
Note: Remember to add it before the "http_access deny all" ACL
I have these as my ACL (I am just using the defaults in squid 2.6 16):
Can you please tell me why do I need to add '' acl localhost src 127.0.0.1/32"?
And I tried 'http://www.google.com' (not just 127.0.0.1/plain.txt) and
it does not work either.
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow manager localhost
is NOT THE SAME as
http_access allow localhost
Just add "http_access allow localhost" below your "http_access allow
manager localhost".
It should work after that!
An alternative way is to use the actual IP of your Squid proxy server.
Supposing that your IP of your Squid Proxy is: 192.168.1.1, just use:
Proxy: 192.168.1.1 Port: 3128
in your web browser.
This should work as well.
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# And finally deny all other access to this proxy
http_access deny all
And when I load '127.0.0.1/plain.txt' in my firefox, I get this error message:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://127.0.0.1/plain.txt
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you feel
this is incorrect.
Your cache administrator is webmaster.
Squid is a proxy cache server and not an Apache web server. There is a
big difference between them! Apache serves the web pages and Squid
fetches those web pages.
Can you please tell me what am I missing in setting up my squid as the
http server?
Check out the following sites for more information.
(1.) http://wiki.squid-cache.org/FrontPage
(2.) http://wiki.squid-cache.org/SquidFaq
(3.) http://www.deckle.co.za/squid-users-guide/Main_Page
Thank you.
Thanking you...
Thanking you...
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com