I got it resolved. Thanks Eliezer, you helped me to fix this error initially I tried what you sent but it didn't work, that is what I thought, but then I figured it was the PHP script which was wrong and so I reverted the changes and tried it, now it work fine. thanks you Thanks & Regards Vijay -----Original Message----- From: Eliezer Croitoru [mailto:eliezer@xxxxxxxxxxxx] Sent: Tuesday, March 20, 2012 2:51 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: whitelisted IP problem On 20/03/2012 07:53, Vijay wrote: > 2012/03/20 10:14:23.889| aclCheckFast: list: 0x175c860 > 2012/03/20 10:14:23.889| ACLChecklist::preCheck: 0xbfccd8b4 checking > 'ident_lookup_access deny all' > 2012/03/20 10:14:23.889| ACLList::matches: checking all > 2012/03/20 10:14:23.889| ACL::checklistMatches: checking 'all' > 2012/03/20 10:14:23.889| aclIpAddrNetworkCompare: compare: > 122.166.1.184:48347/[::] ([::]:48347) vs [::]-[::]/[::] > 2012/03/20 10:14:23.890| aclIpMatchIp: '122.166.1.184:48347' found > 2012/03/20 10:14:23.890| ACL::ChecklistMatches: result for 'all' is 1 > 2012/03/20 10:14:23.890| ACLList::matches: result is true > 2012/03/20 10:14:23.890| aclmatchAclList: 0xbfccd8b4 returning true > (AND list satisfied) > 2012/03/20 10:14:23.890| ACLChecklist::markFinished: 0xbfccd8b4 > checklist processing finished > 2012/03/20 10:14:23.890| FilledChecklist.cc(168) ~ACLFilledChecklist: > ACLFilledChecklist destroyed 0xbfccd8b4 > 2012/03/20 10:14:23.890| ACLChecklist::~ACLChecklist: destroyed > 0xbfccd8b4 i'm trying again to understand and if your htt_access wasnt changed thi line here is the beginning of the aclchek for the client. starts with manager = 127.0.0.1 > 2012/03/20 10:14:23.890| ACLChecklist::preCheck: 0x19f0128 checking > 'http_access allow manager localhost server' > 2012/03/20 10:14:23.890| ACLList::matches: checking manager > 2012/03/20 10:14:23.890| ACL::checklistMatches: checking 'manager' > 2012/03/20 10:14:23.890| ACL::ChecklistMatches: result for 'manager' > is 0 > 2012/03/20 10:14:23.890| ACLList::matches: result is false conclusion not from 127.0.0.1 means other ip and moving to the next htt_access rule to check if there is allow to accomplish there. > 2012/03/20 10:14:23.890| aclmatchAclList: 0x19f0128 returning false > (AND list entry failed to match) > 2012/03/20 10:14:23.890| aclmatchAclList: async=0 nodeMatched=0 > async_in_progress=0 lastACLResult() = 0 finished() = 0 starting the dont allow manager rule > 2012/03/20 10:14:23.890| ACLChecklist::preCheck: 0x19f0128 checking > 'http_access deny manager' > 2012/03/20 10:14:23.890| ACLList::matches: checking manager > 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'manager' > 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for 'manager' > is 0 > 2012/03/20 10:14:23.891| ACLList::matches: result is false it's not mangaer so moving on to the next rule. > 2012/03/20 10:14:23.891| aclmatchAclList: 0x19f0128 returning false > (AND list entry failed to match) > 2012/03/20 10:14:23.891| aclmatchAclList: async=0 nodeMatched=0 > async_in_progress=0 lastACLResult() = 0 finished() = 0 moving to the next wich means dont allow to any of ports other then the list of safe "443,80 etc.." > 2012/03/20 10:14:23.891| ACLChecklist::preCheck: 0x19f0128 checking > 'http_access deny !Safe_ports' > 2012/03/20 10:14:23.891| ACLList::matches: checking !Safe_ports > 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'Safe_ports' > 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for > 'Safe_ports' is 1 > 2012/03/20 10:14:23.891| ACLList::matches: result is false it's not matching not dafe ports cause it's port 80 > 2012/03/20 10:14:23.891| aclmatchAclList: 0x19f0128 returning false > (AND list entry failed to match) > 2012/03/20 10:14:23.891| aclmatchAclList: async=0 nodeMatched=0 > async_in_progress=0 lastACLResult() = 0 finished() = 0 the next rule will be trying the CONNECT method on not SSL ports (443). > 2012/03/20 10:14:23.891| ACLChecklist::preCheck: 0x19f0128 checking > 'http_access deny CONNECT !SSL_ports' > 2012/03/20 10:14:23.891| ACLList::matches: checking CONNECT > 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'CONNECT' > 2012/03/20 10:14:23.891| ACL::ChecklistMatches: result for 'CONNECT' > is 1 > 2012/03/20 10:14:23.891| ACLList::matches: result is true and you <<< do try to use ssl>>> (why?) squid client wont use connect... ssl.. means i suppose you are using wrong code to get the site content. > 2012/03/20 10:14:23.891| ACLList::matches: checking !SSL_ports > 2012/03/20 10:14:23.891| ACL::checklistMatches: checking 'SSL_ports' > 2012/03/20 10:14:23.892| ACL::ChecklistMatches: result for 'SSL_ports' > is 0 > 2012/03/20 10:14:23.892| ACLList::matches: result is true conclusion ..you are trying to use CONNECT to not SSL port so... > 2012/03/20 10:14:23.892| aclmatchAclList: 0x19f0128 returning true > (AND list > satisfied) squid finding you answering the http_access acl and will deny the connection means you didn't add the acl's and http_access rule i sent you. look at what i sent you and try again after. Regards, Eliezer > 2012/03/20 10:14:23.892| ACLChecklist::markFinished: 0x19f0128 > checklist processing finished > 2012/03/20 10:14:23.892| ACLChecklist::check: 0x19f0128 match found, > calling back with 0 > 2012/03/20 10:14:23.892| ACLFilledChecklist::checkCallback: 0x19f0128 > answer=0 > 2012/03/20 10:14:23.892| ACLChecklist::checkCallback: 0x19f0128 > answer=0 > 2012/03/20 10:14:23.892| aclIsProxyAuth: called for SSL_ports > 2012/03/20 10:14:23.892| ACL::FindByName 'SSL_ports' > 2012/03/20 10:14:23.892| aclIsProxyAuth: returning 0 > 2012/03/20 10:14:23.892| Gadgets.cc(57) aclGetDenyInfoPage: got called > for SSL_ports > 2012/03/20 10:14:23.892| aclGetDenyInfoPage: no match > 2012/03/20 10:14:23.892| FilledChecklist.cc(168) ~ACLFilledChecklist: > ACLFilledChecklist destroyed 0x19f0128 > 2012/03/20 10:14:23.892| ACLChecklist::~ACLChecklist: destroyed > 0x19f0128 > 2012/03/20 10:14:23.893| FilledChecklist.cc(168) ~ACLFilledChecklist: > ACLFilledChecklist destroyed 0x19f0128 > 2012/03/20 10:14:23.893| ACLChecklist::~ACLChecklist: destroyed > 0x19f0128 > 2012/03/20 10:14:23.893| ConnStateData::swanSong: FD 11 > > > > Thanks& Regards > Vijay -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations elilezer <at> ngtech.co.il
