I have default config...
squid.conf
Thanks.
---->
ACCESS CONTROLS
#
-----------------------------------------------------------------------------
# TAG: acl
# Defining an Access List
#
# acl aclname acltype string1 ...
# acl aclname acltype "file" ...
#
# when using "file", the file should contain one item per line
#
# acltype is one of src dst srcdomain dstdomain url_pattern
# urlpath_pattern time port proto method browser user
#
# By default, regular expressions are CASE-SENSITIVE. To make
# them case-insensitive, use the -i option.
#
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of
addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP
address)
# acl aclname myip ip-address/netmask ... (local socket IP
address)
#
# acl aclname srcdomain foo.com ... # reverse lookup, client
IP
# acl aclname dstdomain foo.com ... # Destination server
from URL
# acl aclname srcdom_regex [-i] xxx ... # regex matching client
name
# acl aclname dstdom_regex [-i] xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if
a IP
# # based URL is used. The name "none" is used if the reverse
lookup
# # fails.
#
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
# acl aclname url_regex [-i] ^http:// ... # regex matching on
whole URL
# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching
on URL path
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser [-i] regexp
# # pattern match on User-Agent header
# acl aclname ident username ...
# # string match on ident output.
# # use REQUIRED to accept any non-null ident.
# acl aclname src_as number ...
# acl aclname dst_as number ...
# # Except for access control, AS numbers can be used for
# # routing of requests to specific caches. Here's an
# # example for routing all requests for AS#1241 and only
# # those to mycache.mydomain.net:
# # acl asexample dst_as 1241
# # cache_peer_access mycache.mydomain.net allow asexample
# # cache_peer_access mycache_mydomain.net deny all
#
# acl aclname proxy_auth username ...
# # list of valid usernames
# # use REQUIRED to accept any valid username.
# #
# # NOTE: when a Proxy-Authentication header is sent but it is
not
# # needed during ACL checking the username is NOT logged
# # in access.log.
# #
# # NOTE: proxy_auth requires a EXTERNAL authentication program
# # to check username/password combinations (see
# # authenticate_program).
# #
# # WARNING: proxy_auth can't be used in a transparent proxy. It
# # collides with any authentication done by origin servers. It
may
# # seem like it works at first, but it doesn't.
#
# acl aclname snmp_community string ...
# # A community string to limit access to your SNMP Agent
# # Example:
# #
# # acl snmppublic snmp_community public
#
#
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#
#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
# icp_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to allow
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access deny all
# TAG: icp_access
# Reply to all ICP queries we receive
#
icp_access allow all
# TAG: miss_access
# Use to force your neighbors to use you as a sibling instead of
# a parent. For example:
#
# acl localclients src 172.16.0.0/16
# miss_access allow localclients
# miss_access deny !localclients
#
# This means that only your local clients are allowed to fetch
# MISSES and all other clients can only fetch HITS.
#
# By default, allow all clients who passed the http_access rules
# to fetch MISSES from us.
miss_access allow all
# TAG: cache_peer_access
# Similar to 'cache_peer_domain' but provides more flexibility by
# using ACL elements.
#
# cache_peer_access cache-host allow|deny [!]aclname ...
#
# The syntax is identical to 'http_access' and the other lists of
# ACL elements. See the comments for 'http_access' below, or
# the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html).
# TAG: proxy_auth_realm
# Specifies the realm name which is to be reported to the client
for
# proxy authentication (part of the text the user will see when
# prompted their username and password).
#
#proxy_auth_realm Squid proxy-caching web server
# TAG: ident_lookup_access
# A list of ACL elements which, if matched, cause an ident
# (RFC 931) lookup to be performed for this request. For
# example, you might choose to always perform ident lookups
# for your main multi-user Unix boxes, but not for your Macs
# and PCs. By default, ident lookups are not performed for
# any requests.
#
# To enable ident lookups for specific client addresses, you
# can follow this example:
#
# acl ident_aware_hosts src 198.168.1.0/255.255.255.0
# ident_lookup_access allow ident_aware_hosts
# ident_lookup_access deny all
#
# This option may be disabled by using --disable-ident with
# the configure script.
#ident_lookup_access deny all
Andrew Kenna wrote:
>
> Make sure you do not have any acl lists in the config file that specifiy to
> not allow http requests.
>
> Regards
>
> Andrew
>
> -----Original Message-----
> From: Juan A. Becerril Castillo <jabc@moz.com.mx>
> To: Squid Users <squid-users@ircache.net>
> Date: Tuesday, January 04, 2000 11:32 AM
> Subject: Help
>
> >I have this problem with SQUID-2.2STABLE5
> >
> >Any sugestion ?
> >
> >
> >946942914.397 4 192.168.1.14 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946942914.830 4 192.168.1.14 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946942921.935 9 192.168.1.14 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946943036.408 11 192.168.1.13 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946943056.991 173 192.168.1.13 TCP_DENIED/403 1058 GET
> >http://messenger.netscape.com/bookmark/4_5/messengerstart.html - NONE/-
> >-
> >946943457.781 3 192.168.1.10 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946943481.378 12 192.168.1.10 TCP_DENIED/403 992 GET
> >http://www.tatilandia.com.mx/ - NONE/- -
> >946943489.117 11 192.168.1.10 TCP_DENIED/403 986 GET
> >http://www.tatilandia.com/ - NONE/- -
> >946943497.416 5 192.168.1.10 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946943499.312 5 192.168.1.10 TCP_DENIED/403 970 GET
> >http://moz.com.mx/ - NONE/- -
> >946943500.549 5 192.168.1.10 TCP_DENIED/403 1034 GET
> >http://home.netscape.com/bookmark/4_7/tsearch.html - NONE/- -
> >946943502.538 5 192.168.1.10 TCP_DENIED/403 1034 GET
> >http://home.netscape.com/bookmark/4_7/tsearch.html - NONE/- -
> >946943503.343 5 192.168.1.10 TCP_DENIED/403 1032 GET
> >http://home.netscape.com/bookmark/4_7/tstart.html - NONE/- -
> >946943504.328 5 192.168.1.10 TCP_DENIED/403 1032 GET
> >http://home.netscape.com/bookmark/4_7/tstart.html - NONE/- -
> >946943539.625 5 192.168.1.10 TCP_DENIED/403 986 GET
> >http://www.tatilandia.com/ - NONE/- -
Received on Mon Jan 03 2000 - 20:00:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:13 MST