On 28/04/2011 18:05, Amos Jeffries wrote:
On 29/04/11 00:49, Eliezer Croitoru wrote:
On 27/04/2011 22:53, Oscar Andrés Eraso Moncayo wrote:
Hi,
squid.conf:
******************************************************************************************************************
http_port 127.0.0.1:3030
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 1024 MB
cache_dir ufs /var/spool/squid 4096 16 256
access_log /var/log/squid/access.log squid
authenticate_ip_ttl 1 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl msn_messenger req_mime_type -i ^application/x-msn-messenger$
#acl msn_url url_regex -i gateway.dll
Add these lines here:
acl fnagov dstdomain .fna.gov.co
acl fnagovport port 8081
#add the next line if it doesn't exist already
acl CONNECT method CONNECT
#remember that the next line must be on top of any deny rule that is
#related to one of the acls in the rule.
http_access allow all fnagov CONNECT fnagovport
should give you what you need.
>
> Regards
> Eliezer
>
I would be a bit surprised if it did. It is technically right, but...
To fetch through a proxy on 127.0.0.1:3030 one must use the source IP
127.0.0.1 to do so.
He already has:
acl localhost src 127.0.0.1/255.255.255.255
...
http_access allow localhost
Which is an open proxy for any requests made by the same machine as
the proxy.
I would guess the 403 was coming from the remote server, but with
CONNECT and no cache_peer that seems not possible either.
It looks suspiciously like there is more config hidden away somewhere.
Or the log comes from some other proxy. Or the log detail (403) is
corrupt data in the tunnel state.
I suppose he doesn't have or doesn't want to give more info.
If the ACLs were as he sent them, it's pretty simple to understand the problems
he is having.
The log was: 10.120.5.41
So whatever is happening on the server still stays a mystery for us.
A little funny and ironic.
Eliezer
http_access allow localhost
#http_access deny msn_messenger
#http_access deny msn_method msn_url
http_access deny all
http_reply_access allow all
icp_access allow all
error_directory /usr/share/squid/errors/Spanish
client_db off
log_fqdn off
*******************************************************************************************************************************
Best regards,
Amos
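
The http_access evaluation discussed in this thread, as an added example that is not part of any poster's message: a small Python model of Squid's first-match rule evaluation, using the ACLs quoted above. The destination host name is a constructed sample, and the model covers only the ACL types that appear in this config.

```python
import ipaddress

# ACLs from the squid.conf in the thread plus the three suggested in the reply
# (netmasks written in CIDR form).
ACLS = {
    "all":        ("src", "0.0.0.0/0"),
    "localhost":  ("src", "127.0.0.1/32"),
    "fnagov":     ("dstdomain", ".fna.gov.co"),
    "fnagovport": ("port", 8081),
    "CONNECT":    ("method", "CONNECT"),
}
# http_access lines as (action, [acl names]); commented-out msn rules omitted.
ORIGINAL = [("allow", ["localhost"]), ("deny", ["all"])]
# The suggested rule, placed above the existing allow/deny lines.
PATCHED = [("allow", ["all", "fnagov", "CONNECT", "fnagovport"])] + ORIGINAL


def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
    if kind == "dstdomain":
        host = req["host"].lower()
        # A leading dot matches the domain itself and any subdomain.
        return host == value[1:] or host.endswith(value)
    if kind == "port":
        return req["port"] == value
    if kind == "method":
        return req["method"] == value
    raise ValueError(kind)


def http_access(rules, req):
    """First line whose ACLs ALL match decides; returns (action, line index)."""
    for i, (action, names) in enumerate(rules):
        if all(acl_matches(n, req) for n in names):
            return action, i
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


def request(src, port=8081, host="host.fna.gov.co"):
    # Constructed sample CONNECT request; the host name is an assumption.
    return {"src": src, "method": "CONNECT", "host": host, "port": port}


if __name__ == "__main__":
    for src in ("127.0.0.1", "10.120.5.41"):
        print(src, http_access(ORIGINAL, request(src)),
              http_access(PATCHED, request(src)))
```

The suggested rule matches any client address, so with it in place a request is limited only by destination domain, method and port.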