[squid-users] Dial in users aren't hitting Squid

From: William Carty <admin@dont-contact.us>
Date: Wed, 13 Feb 2002 17:30:32 -0500

I cannot figure this out & hope someone has some idea what is causing it
to happen...

I have a squid box that dial in users are going to be using to access
the web. It's set up to block porn / etc.

Users dial in to a cisco 3640. The 3640 & the squid box are located on
the same physical network.

If I sit at another workstation connected to the LAN that the 3640 & the
squid box are on - I set up MSIE to use the proxy & everything works
fine.

If I dial in & have MSIE configured to use the proxy, it bypasses it
completely! I get no "access denied" from squid, doing a tail on the
access log, I see absolutley no requests to squid as people are surfing.
It's as if MSIE is ignoring the fact that I've told it to use a proxy.

The IP address pool the dialin users get their IP from is on the same
subnet as the squid box & the router - so it should be like they're
sitting on the LAN, too.

I can't figure out why these dialin people aren't hitting the proxy. If
it were one machine, I'd pass it off as a problem with their set up...
but I'm looking at about 15 people having the same problem.

I've worked on this most of the day. Does anyone have any idea what
would cause this sort of thing to happen?

Here's the ACL section of my squid.conf... I don't think anything is
wrong with it as I'm able to use the proxy from the machines on
Ethernet...

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.0
acl afam src 208.62.39.32/255.255.255.224
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl porn url_regex "/etc/squid/domains.block"
acl notporn url_regex "/etc/squid/domains.exclude"

http_access allow notporn
http_access deny porn
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow afam
http_access deny all

TIA!!!!!!
Received on Wed Feb 13 2002 - 15:25:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:21 MST