Search squid archive

Set up squid as a transparent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have been using Squid 2.9 on OpenBSD 5.0 for a while as a transparent proxy. PF on the proxy box rdr-to redirects all web requests not destined for the box itself to squid running on port 3128. Squid then processes the request based on a series of ACLs, and either allows the request or redirects (deny_info ... all) the request to a page on the proxy box.

I am now working on upgrading the system to OpenBSD 5.5 and Squid 3.4.2 Presumably this will require some config changes, so I'm starting off with a basic config. This is based off of the example installed on OpenBSD, but with most of the rules stripped out.

acl authorized_hosts dstdomain .google.com
acl authorized_hosts dstdomain .wunderground.com
acl authorized_hosts dstdomain .noaa.gov

http_access allow authorized_hosts
http_access deny all

http_port 3128 transparent
http_port 3129 # to avoid errors on startup

coredump_dir /var/squid/cache

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

deny_info http://192.168.10.1/login.py all

What I would expect to happen is that attempts to access google, wunderground, or noaa.gov would work (load the requested page), while all other requests would get my custom block page. What is actually happening is that requests for pages in the authorized_hosts acl get the generic squid "Access Denied" page. Other requests do get my custom page, as expected.

So what did I miss? Why can't I even get basic pages to go through? And why, if squid is denying access, do I get the generic "Access Denied" page rather than the custom one I specified?

At least I know my requests are being forwarded to squid by PF properly. Or so I assume, since I am getting the squid "Access Denied" page.
-----------------------------------------------
Israel Brewster
Systems Analyst II
Ravn Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7293
-----------------------------------------------






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux