Search squid archive

Re: Unable to access internal resources via hostname

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Josh,

Configuring Squid is not a simple task in some cases.
I used to think it's a pretty simple piece of software to configure and
indeed with the right background and labs you can achieve specific goals
easily and fast.
However, I encountered over the years enough situations to understand that
it might not be easy for everybody.

This is the main reason that this mailing list exists, if you need help we
are here to try and help you.
I have seen that Amos and Alex gave you suggestions and I hope these helps
you.

If you need more help I will be happy to give you some of my time via zoom
and to see and try to understand better the scenario and the issues.

Yours,
Eliezer

-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of
Piana, Josh
Sent: Monday, September 16, 2024 9:58 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Unable to access internal resources via hostname

Antony, 

So those two rules were definitely not the way to go, thank you to those who
clarified that to me. 

I'll remove them. 

This is really frustrating. I've been trying to get a working Squid
configuration for weeks now and it is literally a 5 minute process for most
people. 

I'll keep looking and see what else could be blocking traffic. 

-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of
Antony Stone
Sent: Monday, September 16, 2024 2:23 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Unable to access internal resources via hostname

[You don't often get email from antony.stone@xxxxxxxxxxxxxxxxxxxx. Learn why
this is important at https://aka.ms/LearnAboutSenderIdentification ]

Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is
safe.


On Monday 16 September 2024 at 20:06:41, Piana, Josh wrote:

> How I understand the rules are as follows:
> > http_access deny !localnet
>
> This denies HTTP traffic to what I defined as "localnet".

No; firstly the "localnet" ACL is defined by *source* address, therefore
"localnet" matches traffic *from* your local network.

Secondly the ! negates this, therefore "!localnet" matches any source
address which is *not* in your local network.

Therefore "http_access deny !localnet" denies any access from an address not
in your local network.

> > http_access allow localnet

This then allows access from any address which *is* in your local network.

Now, having matched all traffic not from your local network, and all traffic
which is from your local network, you have accounted for all possible
traffic, therefore any other rules have no effect.


Hope this helps,


Antony.

--
Because it messes up the order in which people normally read text.
> Why is top-posting such a bad thing?
> > Top-posting.
> > > What is the most annoying way of replying to e-mail?

                                                   Please reply to the list;
                                                         please *don't* CC
me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux