Did you get it working eventually?

Eliezer

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Elliott Blake, Lisa Marie

I am trying to get squid to work with a text file for a whitelist. I get TCP_DENIED/403 on every URL I try. I am using curl to test.

acl whitelist dstdomain "/etc/squid/whitelist.txt"

curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org
HTTP/1.1 403 Forbidden
Server: squid/3.5.20
Mime-Version: 1.0
Date: Wed, 07 Apr 2021 17:38:58 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3521
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from libaux-prod.lib.uic.edu
X-Cache-Lookup: NONE from libaux-prod.lib.uic.edu:3128
Via: 1.1 libaux-prod.lib.uic.edu (squid/3.5.20)
Connection: keep-alive

curl: (56) Received HTTP code 403 from proxy after CONNECT

However, if I change my squid.conf to just the URL it works.

acl whitelist dstdomain .arl.org

curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org
HTTP/1.1 200 Connection established

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 17:40:31 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://www.arl.org/
Expires: Wed, 07 Apr 2021 18:40:31 GMT
Cache-Control: max-age=3600

I am running a CentOS 7 OS with squid version 3.5.20, which is the most recent yum version.

This is driving me crazy. I have tried debugging in squid and cannot find the answer. I have tried changing the squid.conf file. I always restart squid after I change the squid.conf file.

Any help would be appreciated.

My Squid.conf file:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 591         # filemaker
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

acl whitelist dstdomain "/etc/squid/whitelist.txt"
#acl whitelist dstdomain .arl.org
http_access allow whitelist
#http_access allow CONNECT whitelist
http_access deny !whitelist

http_access allow localnet
http_access allow localhost
http_access deny all

# Squid normally listens to port 3128
http_port 3128
# port 1338 is for Front Desk Machines
http_port 1338

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Beginning of whitelist.txt

#A Page
.aacrjournals.org
.aai.org
.aaiddjournals.org
.aap.org
.aappublications.orga
.accessanesthesiology.com
.anthropology.org.uk
.archivegrid.org
.arl.org
.arlstatistics.org
.artstor.org

Thank you,
Lisa Blake

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
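
An added example, not part of the original thread and not Squid's own code: a small Python check for a dstdomain list file like the whitelist.txt quoted above, reporting lines worth reviewing and showing which hosts the entries would cover. The parsing rules (one entry per line, `#` lines skipped, a leading dot covering the domain and its subdomains) are a simplified model taken as assumptions, and `matches`, `lint`, `allowed` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a few entries from the whitelist quoted in the post,
# plus two constructed problem lines (a CRLF ending, a redundant subdomain).
SAMPLE = "#A Page\n.aacrjournals.org\n.arl.org\r\nwww.arl.org\n.artstor.org\n"

LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def matches(entry, host):
    """Assumed dstdomain rule: '.arl.org' covers arl.org and every
    subdomain; 'arl.org' (no leading dot) covers that exact host only."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def lint(text):
    """Return (entries, findings) for a one-entry-per-line domain list.
    Assumes blank lines and lines starting with '#' are ignored."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.split("\n"), 1):
        if raw.endswith("\r"):
            findings.append((lineno, "CRLF line ending"))
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if not all(LABEL.match(p) for p in line.lstrip(".").split(".")):
            findings.append((lineno, "not a domain name"))
            continue
        entries.append((lineno, line))
    # Flag entries that a broader leading-dot entry already covers.
    for lineno, entry in entries:
        for _, other in entries:
            if (other != entry and other.startswith(".")
                    and matches(other, entry.lstrip("."))):
                findings.append((lineno, "already covered by " + other))
    return [e for _, e in entries], findings


def allowed(entries, host):
    """True if any list entry covers the requested host."""
    return any(matches(e, host) for e in entries)


if __name__ == "__main__":
    entries, findings = lint(SAMPLE)
    for lineno, msg in findings:
        print("line %d: %s" % (lineno, msg))
    for host in ("arl.org", "www.arl.org", "example.com"):
        print(host, "allowed" if allowed(entries, host) else "denied")
```

The findings are prompts for review of the file, not a statement of what caused the 403 in this thread.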