On 14/12/17 11:32, Paul Hackmann wrote:
Amos,
I will do an update to the most recent version and see if that helps.
It was one of those situations where if it ain't broke, don't fix it.
And up until now, it has worked very well.
You are right, I had brain fade about port 4120. It should NOT ask for
authentication ever, and only connect to whitelisted sites, which is
what I want.
I've made the changes you recommended to the conf file. So far,
everything seems to be working as I expect it to. Thank you!
One more question if you don't mind. I am trying to add some ip
addresses as whitelisted for port 4120. I guess I can't add those to
the whitelist file, because it's formatting doesn't work with IP
addresses?
Sort of. dstdomain can accept IPs for matching against raw-IP text
strings in URLs where domain should have been. But does not do ranges
like you need there.
So yes dst is the one to use there.
However, be aware that it will match if *any* IPs for the domain being
fetched is in your whitelist set. It has nothing to do with whether that
matching dst-IP is actually used by Squid on the server connection.
To workaround that is where explicitly configuring "never_direct allow
all" comes in handy.
I read that you can add them into the conf file. I've
created the following acl line:
acl 8x8 dst 8.5.248.0/23 8.28.0.0/22 63.209.12.0/24
162.221.236.0/23 162.221.238.0/23 192.84.16.0/22
and I tried to add 8x8 to the the http_access line:
http_access allow whitelist 8x8
but when I did that, the 4120 port started asking for authentication,
which is wrong. Can you tell me how to open those ip address ranges for
port 4120?
Your use of http_access is not quite right.
see <https://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes>
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users