Another piece of information I just discovered... I use a wpad.dat file to assign the proxy to users. It works just fine except for the local servers. However, when I force the connection in the browser to the proxy with 8080 (dansguardian) then I can get to my local web servers. -----Original Message----- From: Johnson, S [mailto:sjohnson@xxxxxxxxxxxxxxx] Sent: Thursday, April 08, 2010 9:50 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Squid is unable to connect to local webservers I've got a squid proxy running in transparent mode with an AUP on a "public" wireless network which is separated from our private network. We run a local webserver here and found that users get the AUP and cannot click past it when attempting to get to the local web server. Without using the proxy I can connect just fine to the web server from the squid server so I know they can see each other. Everything else works great. I tried setting up an ACL with localweb (seen in the config below) but that didn't allow it through. Weird thing is that when I try hitting the local web server, I don't see anything in the squid access.log file which makes be believe that squid isn't even seeing the traffic for some reason. squid config: # Credentials past their TTL are removed from memory #authenticate_ttl 0 seconds # TAG: acl #Recommended minimum configuration: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl to_localbox dst 192.168.80.5/32 acl localweb dst 84.8.132.1/32 follow_x_forwarded_for allow localhost acl_uses_indirect_client on delay_pool_uses_indirect_client on log_uses_indirect_client on external_acl_type session ttl=300 children=1 negative_ttl=0 concurrency=200 %SRC /usr/lib/squid/squid_sessi on -t 1800 acl session external session acl localnet src 192.168.80.0/23 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # TAG: http_access http_access allow localweb http_access allow to_localbox deny_info http://192.168.80.5/index.php?url=%s session http_access allow session http_access allow SSL_ports http_access allow CONNECT SSL_ports http_access deny !session http_access deny !Safe_ports -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
