[TriLUG] Trouble with Squid

Roy Vestal rvestal at trilug.org
Sat Aug 22 22:35:47 EDT 2009

Hey all,
  I have Squid set up and it appears to be caching and blocking as I 
wish. However, I have an internal server that I am being denied access to. On 
top of that, I need to connect to an unregistered port. I know I've 
missed something in the ACLs.

Here is the acl section. Any insight would be greatly appreciated:


acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl BAD_DOMAINS dstdom_regex "/etc/squid/bad_domains"
http_access deny BAD_DOMAINS

#internal server
acl server dst
http_access allow server

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#internal network
acl our_networks src
http_access allow our_networks

http_access allow localhost
http_access deny all
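
Squid checks `http_access` lines from top to bottom and acts on the first line whose ACLs all match, so the order of the lines above decides each request. The Python model below is an added example, not part of the original post: the addresses are constructed placeholders (the post does not show its values), an `acl CONNECT method CONNECT` definition is assumed, `dst` is treated as an already-resolved IP, and `BAD_DOMAINS` is reduced to a flag because the file contents are unknown.

```python
import ipaddress

# Constructed placeholder addresses (documentation ranges); not from the post.
SERVER = ipaddress.ip_network("192.0.2.10/32")      # assumed "server" dst
OUR_NETS = ipaddress.ip_network("198.51.100.0/24")  # assumed "our_networks" src
LOCALHOST = ipaddress.ip_network("127.0.0.1/32")
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
              (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]

def ip_in(addr, net):
    return ipaddress.ip_address(addr) in net

# Each ACL name maps to a predicate over a request dict.
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: ip_in(r["src"], LOCALHOST),
    "server": lambda r: ip_in(r["dst"], SERVER),
    "our_networks": lambda r: ip_in(r["src"], OUR_NETS),
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
    "SSL_ports": lambda r: r["port"] == 443,
    "CONNECT": lambda r: r["method"] == "CONNECT",  # assumed ACL definition
    "BAD_DOMAINS": lambda r: r["bad_domain"],       # stand-in for the regex file
}

# The http_access lines, in the order they appear in the post.
RULES = """
deny BAD_DOMAINS
allow server
allow manager localhost
deny manager
deny !Safe_ports
deny CONNECT !SSL_ports
allow our_networks
allow localhost
deny all
""".strip().splitlines()

def req(src, dst, port, method="GET", proto="http", bad_domain=False):
    return dict(src=src, dst=dst, port=port, method=method,
                proto=proto, bad_domain=bad_domain)

def decide(r):
    """Return (action, rule) for the first line whose ACLs all match."""
    for line in RULES:
        action, *names = line.split()
        # A leading "!" negates the ACL; all ACLs on a line must hold.
        if all(ACLS[n.lstrip("!")](r) != n.startswith("!") for n in names):
            return action, line
    raise RuntimeError("unreachable: 'deny all' matches every request")
```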


