Just to confirm that I sent the email Jose E Torres 939-777-4030 JET System Services On Tue, Oct 4, 2016 at 4:41 PM, Jose Torres-Berrocal <jetsystemservices@xxxxxxxxx> wrote: > I do not know the correct terms to the problem I have. > > I have some clients that use a program that tries to connect to: > https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc > > Went to the access.log and found the neodecksoftware.com is being > denied even that I have it in a whitelist file. > > The below info is the error lines fund, the whitelist file content, > and the squid conf: > > ---------------------------------------------------------------------------------------------- > 1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT > neodecksoftware.com:443 - HIER_NONE/- text/html > 1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT > neodecksoftware.com:443 - HIER_NONE/- text/html > > /var/squid/acl/whitelist.acl: > .familymedicinepr.com > .anydesk.com > .teamviewer.com > .secureserver.net > .gmail.com > .mail.yahoo.com > .outlook.com > .aol.com > .libertypr.net > .coqui.net > .prtc.net > .assertus.com > .neodecksoftware.com > .office.net > .microsoft.com > .office.com > .live.com > > # This file is automatically generated by pfSense > # Do not edit manually ! > > http_port 192.168.1.1:3128 > http_port 127.0.0.1:3128 > icp_port 0 > dns_v4_first off > pid_filename /var/run/squid/squid.pid > cache_effective_user squid > cache_effective_group proxy > error_default_language en > icon_directory /usr/local/etc/squid/icons > visible_hostname pfsense > cache_mgr jetsystemservices@xxxxxxxxx > access_log /var/squid/logs/access.log > cache_log /var/squid/logs/cache.log > cache_store_log none > netdb_filename /var/squid/logs/netdb.state > pinger_enable on > pinger_program /usr/local/libexec/squid/pinger > > logfile_rotate 31 > debug_options rotate=31 > shutdown_lifetime 3 seconds > # Allow local network(s) on interface(s) > acl localnet src 192.168.1.0/24 127.0.0.0/8 > forwarded_for on > uri_whitespace strip > > acl dynamic urlpath_regex cgi-bin \? > cache deny dynamic > > cache_mem 512 MB > maximum_object_size_in_memory 256 KB > memory_replacement_policy heap GDSF > cache_replacement_policy heap LFUDA > minimum_object_size 0 KB > maximum_object_size 4 MB > > offline_mode off > cache_swap_low 90 > cache_swap_high 95 > cache allow all > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > > #Remote proxies > > > # Setup some default acls > # From 3.2 further configuration cleanups have been done to make > things easier and safer. The manager, localhost, and to_localhost ACL > definitions are now built-in. > # acl localhost src 127.0.0.1/32 > acl allsrc src all > acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 > 3129 1025-65535 444 > acl sslports port 443 563 444 > > # From 3.2 further configuration cleanups have been done to make > things easier and safer. The manager, localhost, and to_localhost ACL > definitions are now built-in. > #acl manager proto cache_object > > acl purge method PURGE > acl connect method CONNECT > > # Define protocols used for redirects > acl HTTP proto HTTP > acl HTTPS proto HTTPS > acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" > http_access allow manager localhost > > http_access deny manager > http_access allow purge localhost > http_access deny purge > http_access deny !safeports > http_access deny CONNECT !sslports > > # Always allow localhost connections > # From 3.2 further configuration cleanups have been done to make > things easier and safer. > # The manager, localhost, and to_localhost ACL definitions are now built-in. > # http_access allow localhost > > request_body_max_size 0 KB > delay_pools 1 > delay_class 1 2 > delay_parameters 1 -1/-1 -1/-1 > delay_initial_bucket_level 100 > delay_access 1 allow allsrc > > # Reverse Proxy settings > > > # Custom options before auth > connect_timeout 2 > > # Always allow access to whitelist domains > http_access allow whitelist > auth_param basic program /usr/local/libexec/squid/basic_radius_auth -w > Maint4030 -h pfsense -p > auth_param basic children 5 > auth_param basic realm Please enter your credentials to access the proxy > auth_param basic credentialsttl 5 minutes > acl password proxy_auth REQUIRED > # Custom options after auth > > > http_access allow password localnet > # Default block all to be sure > http_access deny allsrc > > ---------------------------------------------------------------------------------------------- > > Cordially, > Jose _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
