[TriLUG] Trouble with Squid

Roy Vestal rvestal at trilug.org
Sat Aug 22 22:35:47 EDT 2009


Hey all,
  I have Squid set up and it appears to be caching and blocking as I 
wish. However, I have an internal server that I am being denied access to. On 
top of that, I need to connect to an unregistered port.  I know I've 
missed something in the ACLs.

Here is the acl section. Any insight would be greatly appreciated:

<snip>

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#blacklist
acl BAD_DOMAINS dstdom_regex "/etc/squid/bad_domains"
http_access deny BAD_DOMAINS

#internal server
acl server dst 10.0.1.150
http_access allow server

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#internal network
acl our_networks src 10.0.1.0/24
http_access allow our_networks

http_access allow localhost
http_access deny all

</snip>

TIA,
-Roy
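
An added example, not part of the original post: a simplified Python model of the posted http_access lines that reports which line decides a given request, relying on Squid's first-match evaluation (ACLs on one line are ANDed). The BAD_DOMAINS pattern, the sample addresses, and the `decide`/`request` helpers are constructed for illustration; the real /etc/squid/bad_domains is not shown, and DNS resolution for `dst` and `dstdom_regex` is not modelled.

```python
import ipaddress
import re

# Constructed stand-in: the real /etc/squid/bad_domains is not shown in the post.
BAD_DOMAINS = [r"ads\.example\.test$"]
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

# Each ACL used by an http_access line in the post, as a predicate over a request.
ACLS = {
    "all":          lambda r: True,
    "manager":      lambda r: r["proto"] == "cache_object",
    "localhost":    lambda r: r["src"] == "127.0.0.1",
    "SSL_ports":    lambda r: r["port"] == 443,
    "Safe_ports":   lambda r: r["port"] in SAFE_PORTS,
    "CONNECT":      lambda r: r["method"] == "CONNECT",
    "BAD_DOMAINS":  lambda r: any(re.search(p, r["host"]) for p in BAD_DOMAINS),
    "server":       lambda r: in_net(r["dst"], "10.0.1.150/32"),
    "our_networks": lambda r: in_net(r["src"], "10.0.1.0/24"),
}

# The http_access lines in the order they appear in the post.
RULES = [
    ("deny",  ["BAD_DOMAINS"]),
    ("allow", ["server"]),
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["our_networks"]),
    ("allow", ["localhost"]),
    ("deny",  ["all"]),
]

def decide(req):
    """Return (action, line) for the first http_access line whose ACLs all match."""
    for action, names in RULES:
        # A leading "!" negates the ACL; every ACL on the line must hold.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    raise RuntimeError("unreachable: 'deny all' always matches")

def request(src, dst, port, method="GET", host="", proto="http"):
    """Build a request dict; host defaults to the destination address."""
    return dict(src=src, dst=dst, port=port, method=method,
                host=host or dst, proto=proto)
```

For example, `decide(request("10.0.1.20", "10.0.1.150", 8443, method="CONNECT"))` shows which posted line the model stops at for a CONNECT to the internal server on a high port.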




