Re: squid-users Digest, Vol 29, Issue 26

[anand <anand@xxxxxxxxxxx>]

Hello Alex,

Please confirm the proxy is configured for parent/sibling proxy ?, if 
not please remove following lines from the squid conf.

"never_direct allow all"

"icp_access deny all"

If the issue raises again, kindly share your updated/current squid conf files in mailing list.

Thanks,
Anand P

On 1/12/2017 6:09 AM, squid-users-request@xxxxxxxxxxxxxxxxxxxxx wrote:
> Send squid-users mailing list submissions to
> 	squid-users@xxxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
> 	squid-users-request@xxxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> 	squid-users-owner@xxxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
>     1. TCP 403 Denied on new squid build out (roadrage27)
>     2. Re: squid-users Digest, Vol 29, Issue 21 (Vidyadhish Joshi)
>     3. Re: TCP 403 Denied on new squid build out (Matus UHLAR - fantomas)
>     4. Re: TCP 403 Denied on new squid build out (roadrage27)
>     5. Re: TCP 403 Denied on new squid build out (Matus UHLAR - fantomas)
>     6. Re: TCP 403 Denied on new squid build out (roadrage27)
>     7. Re: Transparent Proxy in AWS (Jason Haar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 11 Jan 2017 08:32:49 -0800 (PST)
> From: roadrage27 <alex.tate@xxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject:  TCP 403 Denied on new squid build out
> Message-ID: <1484152369267-4681127.post@xxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
> Built out Squid 3.5 on ubuntu 14.04  logs showing 403 denied when accessing
> any resources, any help is appreciated
>
> here is my conf file for reference.
>
>
> acl localhost src 127.0.0.1/32
>
> acl to_localhost dst 127.0.0.0/8
>
> acl localnet src 0.0.0.0/8 10.145.68.0/24
>
> acl myip src 10.145.68.148/32
>
> acl to_localnet dst 10.145.68.0/24
>
> acl search_engines dstdomain .yahoo.com .google.com
>
> acl SSL_ports port 443
>
> acl Safe_ports port 80          # http
>
> acl Safe_ports port 21          # ftp
>
> acl Safe_ports port 443         # https
>
> acl Safe_ports port 70          # gopher
>
> acl Safe_ports port 210         # wais
>
> acl Safe_ports port 1025-65535  # unregistered ports
>
> acl Safe_ports port 280         # http-mgmt
>
> acl Safe_ports port 488         # gss-http
>
> acl Safe_ports port 591         # filemaker
>
> acl Safe_ports port 777         # multiling http
>
>   
>
> acl CONNECT method CONNECT
>
> never_direct allow all
>
> http_access allow search_engines
>
> http_access allow manager localhost
>
> http_access deny manager
>
> http_access deny !Safe_ports
>
> http_access allow localnet
>
> http_access allow to_localnet
>
> http_access allow myip
>
> http_access allow all
>
> http_access deny to_localhost
>
> icp_access deny all
>
> http_access deny all
>
>   
>
> http_port 3128
>
> hierarchy_stoplist cgi-bin ?
>
> access_log /var/log/squid3/access.log squid
>
>   
>
>   
>
> #Suggested default:
>
> refresh_pattern ^ftp:           1440    20%     10080
>
> refresh_pattern ^gopher:        1440    0%      1440
>
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>
> refresh_pattern .               0       20%     4320
>
> # Leave coredumps in the first cache dir
>
> coredump_dir /var/spool/squid3
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-403-Denied-on-new-squid-build-out-tp4681127.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 11 Jan 2017 22:26:19 +0530
> From: Vidyadhish Joshi <vvjoshi5@xxxxxxxxx>
> To: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re:  squid-users Digest, Vol 29, Issue 21
> Message-ID:
> 	<CAMRD5gR=NyYyNNg07pJp1zsc9UCnFSN6REMGO9CSrxkcdreaPg@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Thank s a lot , Amos
>
> I will try these things
>
> On 11-Jan-2017 9:22 PM, "Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote:
>
> > On 12/01/2017 3:55 a.m., Vidyadhish Joshi wrote:
> > > Amos, thank you for the details.
> > > Need pointers for caching the dynamic contents. My app has static n
> > dynamic
> > > cache n static am able to cache it . For dynamic the URL is getting
> > > appended with query string.  Is there a way to cache dynamic contests n
> > > what would be configuration changes to cache dynamic ones.
> > Sure;
> >
> > * Use the latest 3.5 version you can. There have been small but
> > important improvements across the whole series.
> >
> >
> > * Make sure you _do not_ have the old Squid-2 QUERY ACL denying storage
> > ('cache deny QUERY' line in squid.conf) for those objects.
> >
> >
> > * Make sure your refresh_pattern lines _do not_ contain ignore-auth,
> > ignore-no-cache, ignore-must-revalidate, ignore-no-store or
> > override-lastmod.
> >   - you can add store-stale if you want to increase the caching further.
> >
> >
> > * Make sure you _do_ have these Squid-3 default refresh_patterns. The 0
> > value's are important to be 0. The other numbers you can change as wanted:
> >
> >    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> >    refresh_pattern .               0       20%     4320
> >
> >
> > * Make sure your server produces appropriate caching options indicating
> > how long the content is to be cached. Specifically either Expires or
> > Cache-Control:max-age=N indicating when it will next change, or
> > Cache-Control:must-revalidate to require constant REFRESH.
> >   see <https://tools.ietf.org/html/rfc7234> for more details
> >
> >
> > * Your server should also produce Last-Modified and/or ETag headers for
> > content it generates. And handle the If-* request headers on received
> > requests to produce 304 responses when the content is unchanged.
> >   see <https://tools.ietf.org/html/rfc7232> for more details
> >
> >   - when the server properly handles these If-* headers you can add the
> > refresh_pattern option refresh-ims and/or reload-into-ims to further
> > increase caching. (Until the server properly revalidates these options
> > are useless.)
> >
> >
> > Amos
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170111/d6932171/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 11 Jan 2017 20:33:13 +0100
> From: Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re:  TCP 403 Denied on new squid build out
> Message-ID: <20170111193313.GA6491@xxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> On 11.01.17 08:32, roadrage27 wrote:
> > Built out Squid 3.5 on ubuntu 14.04  logs showing 403 denied when accessing
> > any resources, any help is appreciated
> please show us at least one line from logs...
>
> > here is my conf file for reference.
> no need to put empty line between all lines ...

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users