On 2/12/2016 4:36 a.m., domshyra wrote:
> Hello. I have looked for countless hours to solve this problem.
> I have tried reordering the config file so that
> are all in different orders
>
> I've messed with http_access deny !Safe_ports
>
> None of the regular troubleshooting issues helped.
> I am on wifi on the pi with a static ip address, and I have tried explicitly
> adding that as well
>

Try: <http://wiki.squid-cache.org/SquidFaq/OrderIsImportant>

You have mentioned quite a few things being tried, but the config you put
the changes matters a lot to determine whether an attempt works or not.

<snip>
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> #acl localnet src 192.168.1.39/24 #home wifi

You removed the default "http_access allow localnet" line that uses this
ACL check to let traffic through.

<snip>
>
> # SAFE PORTS
> acl SSL_ports port 443 494 2598
<snip>
> acl Safe_ports port 1025-65535 # unregistered ports
> acl CONNECT method CONNECT
> never_direct allow all
>

So Squid is never allowed to connect to any server ... Um.

> acl authenticated_ips src "/etc/squid3/ip_auth"
>
> # HTTP ACCESS
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access allow authenticated_ips
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
> icp_access deny all
> htcp_access deny all
<snip>
> pi@raspberrypi:~ $ sudo tail -F /var/log/squid3/access.log
> 1480315313.153 1 192.168.1.25 TCP_DENIED/403 3637 CONNECT 127.0.0.1:19536 - HIER_NONE/- text/html

Read through the http_access ACL checks top-down left-to-right ...

> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access allow authenticated_ips
> http_access deny CONNECT !SSL_ports
> http_access allow localhost

These 403 transactions are;
 *not* cache manager requests, next
 *not* cache manager requests, next
 *are* to a port listed in Safe_ports, next

Is 192.168.1.25 or a subnet containing it listed in the file
/etc/squid3/ip_auth ?
Was it listed there when you started or last reconfigured Squid?

Starting from the default config file you should only have to add the
19536 port to SSL_ports and replace localnet ACL with your
authenticated_ips thing.

Just be extra paranoid about adding ports to SSL_ports. Be sure you know
that the protocol(s!) being used over that port are safe. Squid does not
have any control or insight into what's happening over a CONNECT tunnel
once it's permitted.

Amos
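
The top-down, left-to-right walk described in the reply above, as an added Python example that is not part of the original thread and is not Squid code. Assumptions: the contents of /etc/squid3/ip_auth are not on the page, so they are passed in as a parameter; only the one Safe_ports entry visible in the post is modelled; the `is_manager` request field is a hypothetical stand-in for the manager ACL.

```python
# Added illustration: minimal model of Squid's first-match http_access walk,
# using the rules and the denied request quoted in this thread.
from ipaddress import ip_address, ip_network

SSL_PORTS = {443, 494, 2598}            # acl SSL_ports, as quoted
SAFE_PORTS = [(1025, 65535)]            # only the Safe_ports entry visible in the post
LOCALHOST = [ip_network("127.0.0.1/32"), ip_network("::1/128")]

def in_nets(addr, nets):
    ip = ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

def build_acls(authenticated_ips):
    """authenticated_ips stands in for /etc/squid3/ip_auth (contents assumed)."""
    auth = [ip_network(n, strict=False) for n in authenticated_ips]
    return {
        "manager": lambda r: r["is_manager"],          # hypothetical field
        "localhost": lambda r: in_nets(r["src"], LOCALHOST),
        "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
        "SSL_ports": lambda r: r["port"] in SSL_PORTS,
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "authenticated_ips": lambda r: in_nets(r["src"], auth),
        "all": lambda r: True,
    }

# http_access lines in the order they appear in the quoted config.
RULES = """allow manager localhost
deny manager
deny !Safe_ports
allow authenticated_ips
deny CONNECT !SSL_ports
allow localhost
deny all"""

def evaluate(request, authenticated_ips):
    """Return (action, rule_text) for the first rule whose ACLs all match."""
    acls = build_acls(authenticated_ips)
    for line in RULES.splitlines():
        action, *names = line.split()
        # ACL names on one line are ANDed; a leading '!' negates that ACL.
        if all(acls[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    raise AssertionError("unreachable: 'deny all' always matches")

# The denied transaction from access.log: 192.168.1.25 CONNECT 127.0.0.1:19536
REQ = {"src": "192.168.1.25", "method": "CONNECT", "port": 19536, "is_manager": False}
if __name__ == "__main__":
    print(evaluate(REQ, []))                    # client absent from ip_auth
    print(evaluate(REQ, ["192.168.1.25"]))      # client listed in ip_auth
```

With the client absent from the list, the first rule that matches is `deny CONNECT !SSL_ports`, which accounts for the 403. With the client listed, `allow authenticated_ips` matches first and the CONNECT port check below it is never reached for that client.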