NOTE: please don't use fancy quoting when posting through the Nabble interface. It erases the critical information about your problem from any other copy of the list:

On 3/12/2016 9:30 a.m., domshyra wrote:
> So I have changed the file to a sample conf file. Here is what it looks like
> now
>
>
> authenticated_ips is a list of ip addresses that are going to be outgoing
> ips and 192.168.1.25 isn't part of it. I have received a new 403 error which
> is this below
>
>
> 192.168.1.25 is my macbook which is SSH'd into the raspberry pi
>

There is the root cause of your problem.

http_access matches the Squid *incoming* traffic. The requests arriving into Squid from clients.

Outgoing traffic of a Squid (and thus its outgoing IP(s)) should never be sent back into that Squid. That would be a loop in the traffic.

Your access.log says:

The client (src) of the requests is 192.168.1.25.

The destination is the server 127.0.0.1 port 19536.

(PS. why are you logging proxy traffic in web-server format anyway? web servers do not have two TCP connections to deal with like proxies)

So like I said earlier:
>
> Starting from the default config file you should only have to add the
> 19536 port to SSL_ports and replace localnet ACL with your
> authenticated_ips thing.
>
> Just be extra paranoid about adding ports to SSL_Ports. Be sure you know
> that the protocol(s!) being used over that port are safe. Squid does not
> have any control or insight into what's happening over a CONNECT tunnel
> once it's permitted.

1) Set your http_access lines to be this (notice that it is the default config):

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# INSERT YOUR OWN RULE(S) HERE ...
http_access allow localnet
http_access allow localhost
http_access deny all

2) Since your client is using 192.168.* the localnet ACL should be reset to the below:

#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16  # RFC1918 possible internal network
acl localnet src fc00::/7        # RFC 4193 local private network range
acl localnet src fe80::/10       # RFC 4291 link-local (directly plugged) machines

3) Figure out what the strange port 19536 is about. If you actually want that to happen then add the below to your squid.conf:

# your reason for adding this port goes here.
acl SSL_ports port 19536

Amos
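
The three steps above, traced as an added sketch that is not part of the original message and is not Squid code: a small first-match evaluator for the http_access list from step 1, run against the request the message describes. The port lists are assumed to be the stock squid.conf defaults, the CONNECT method is assumed from the SSL_ports advice, and the helper names are hypothetical.

```python
import ipaddress

# ACL values: localnet is from the message; the port lists are the stock
# squid.conf defaults (an assumption, the poster's file is not shown).
LOCALNET = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "fc00::/7", "fe80::/10")]
LOCALHOST = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "::1/128")]
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}  # plus 1025-65535

RULES = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def src_in(request, nets):
    addr = ipaddress.ip_address(request["src"])
    return any(addr in net for net in nets)

def decide(request, ssl_ports):
    """Return (action, matching line). First matching line wins; the ACLs
    named on one line are ANDed, and '!' negates a single ACL."""
    acls = {
        "all": lambda r: True,
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
        "SSL_ports": lambda r: r["port"] in ssl_ports,
        "localnet": lambda r: src_in(r, LOCALNET),
        "localhost": lambda r: src_in(r, LOCALHOST),
        "manager": lambda r: r.get("manager", False),  # cache-manager URL
    }
    for line in RULES.splitlines():
        _, action, *names = line.split()
        if all(acls[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    return "deny", None  # not reached: "deny all" matches every request

# Constructed request: client and destination port as described in the
# message; the CONNECT method is assumed from the SSL_ports advice.
client = {"src": "192.168.1.25", "method": "CONNECT", "port": 19536}
outsider = dict(client, src="203.0.113.7")  # constructed non-local client

if __name__ == "__main__":
    print(decide(client, {443}))           # port not in SSL_ports
    print(decide(client, {443, 19536}))    # after step 3
    print(decide(outsider, {443, 19536}))  # still outside localnet
```

Adding the port to SSL_ports only removes the early deny; what finally admits the request is the src-based localnet rule, so a client outside localnet is still refused by "deny all".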