Hi, I can't put the access rules above the acl definition if that was what you meant. but incase that isn't what you meant.. i did re-order it a bit and this is what i have now.. still no access. FYI, i'm trying to access it using the cache manager cgi which runs on the same server root@proxy:~# !gre grep -e ^acl -e ^http_acc /etc/squid3/squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl westhants proxy_auth REQUIRED acl westhants-network src 192.168.11.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow westhants http_access allow localhost http_access allow westhants-network http_access allow manager localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all -- Jeff MacDonald jeff@xxxxxxxxxx 902 880 7375 On 2012-05-02, at 12:28 PM, Eliezer Croitoru wrote: > On 02/05/2012 17:37, Jeff MacDonald wrote: >> Hi, >> >> I've seen this similar issue for a lot of people around the web, and have tried my best to debug my access rules. >> >> The error message I get is : >> >> 1335968823.335 8 127.0.0.1 TCP_DENIED/407 2201 GET cache_object://localhost/ jeff@xxxxxxxxxx NONE/- text/html >> >> I'm pretty sure I'm missing something miniscule, but need help finding it. >> >> Here are my access rules in my squid.conf > > try to move the access rules of the manager to the top and move down the auth access rule > > http_access allow manager localhost > http_access allow manager example > http_access allow westhants > > by the way how are you trying to access the cache_object? > using squidclient ? > i'm using the basic config files on opensuse 12.1 with squid 3.1.16 and it seems to work like that. > sample : > squidclient cache_object://localhost/client_list > > Eliezer > >> >> root@proxy:/etc/squid3# grep -e ^acl -e ^http_acc /etc/squid3/squid.conf >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl example src 192.168.11.16/32 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 >> acl westhants proxy_auth REQUIRED >> http_access allow westhants >> http_access allow manager localhost >> http_access allow manager example >> http_access deny all >> acl westhants-network src 192.168.11.0/24 >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access allow localhost >> http_access allow westhants-network >> http_access deny all >> >> Thanks! >> >> -- >> Jeff MacDonald >> jeff@xxxxxxxxxx >> 902 880 7375 >> > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il
