On 4/8/21 3:11 PM, Elliott Blake, Lisa Marie wrote: > I am trying to get squid to work with a text file for a whitelist. I > get TCP_DENIED/403 on every url I try. I am using curl to test. > curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org Is that the exact curl command you are using or a typo? The above command tells curl to use an HTTPS proxy (https://libaux...) and your squid.conf does not have an https_port so something does not add up. Perhaps your curl version is as old and buggy as your Squid version and it just ignores the "s" in "-x https", but I would remove it anyway. > Server: squid/3.5.20 Could be a bug in that unsupported version, of course. If you share a link to an debug_options ALL,9 cache.log with a problematic transaction, somebody may be able to triage this further. https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction Alex. > Mime-Version: 1.0 > > Date: Wed, 07 Apr 2021 17:38:58 GMT > > Content-Type: text/html;charset=utf-8 > > Content-Length: 3521 > > X-Squid-Error: ERR_ACCESS_DENIED 0 > > Vary: Accept-Language > > Content-Language: en > > X-Cache: MISS from libaux-prod.lib.uic.edu > > X-Cache-Lookup: NONE from libaux-prod.lib.uic.edu:3128 > > Via: 1.1 libaux-prod.lib.uic.edu (squid/3.5.20) > > Connection: keep-alive > > curl: (56) Received HTTP code 403 from proxy after CONNECT > > > > However, if I change my squid.conf to just the url it works. > > acl whitelist dstdomain .arl.org > > *curl -x https://libaux-prod.lib.uic.edu:3128 > <https://libaux-prod.lib.uic.edu:3128> -I https://arl.org > <https://arl.org> * > > HTTP/1.1 200 Connection established > > HTTP/1.1 301 Moved Permanently > > Server: nginx > > Date: Wed, 07 Apr 2021 17:40:31 GMT > > Content-Type: text/html > > Content-Length: 178 > > Connection: keep-alive > > Keep-Alive: timeout=20 > > Location: https://www.arl.org/ <https://www.arl.org/> > > Expires: Wed, 07 Apr 2021 18:40:31 GMT > > Cache-Control: max-age=3600 > > > > I am running a centos 7 os with squid version 3.5.20, which is the most > recent yum version. > > This is driving me crazy. I have tried debugging in squid and cannot > find the answer. I have tried changing the squid.conf file. I always > restart squid after I change the squid.conf file. > > Any help would be appreciated. > > > > My Squid.conf file: > > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > > acl localnet src fc00::/7 # RFC 4193 local private network range > > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) > machines > > > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 443 # https > > acl Safe_ports port 591 # filemaker > > acl CONNECT method CONNECT > > > > http_access deny !Safe_ports > > > > http_access deny CONNECT !SSL_ports > > > > http_access allow localhost manager > > http_access deny manager > > > > acl whitelist dstdomain "/etc/squid/whitelist.txt" > > #acl whitelist dstdomain .arl.org > > http_access allow whitelist > > #http_access allow CONNECT whitelist > > > > http_access deny !whitelist > > > > http_access allow localnet > > http_access allow localhost > > > > http_access deny all > > > > # Squid normally listens to port 3128 > > http_port 3128 > > > > # port 1338 is for Front Desk Machines > > http_port 1338 > > > > coredump_dir /var/spool/squid > > > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > > > Beginning of whitelist.txt > > #A Page > > .aacrjournals.org > > .aai.org > > .aaiddjournals.org > > .aap.org > > .aappublications.orga > > .accessanesthesiology.com > > .anthropology.org.uk > > .archivegrid.org > > .arl.org > > .arlstatistics.org > > .artstor.org > > > > Thank you, > > Lisa Blake > > > > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
