Re: [squid-users] shtml, jhtml access problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 29 Mar 2002 12:17:10 +0100

See the Squid FAQ on how to use Squid from inside a firewall.

Regards
Henrik

Ian Moore wrote:
>
> Hi,
> I've just built a new proxy server up after a hard drive crash last
> week. I'm running FreeBSD-4.4-RELEASE with squid 2.4 Stable 2. I used my
> old squid.conf as a model for the new version (the old squid was 2.3).
> It looks like this:
> http_port 3128
> icp_port 0
> tcp_outgoing_address 0.0.0.0
> udp_incoming_address 0.0.0.0
> udp_outgoing_address 0.0.0.0
> cache_peer proxy.hamcoll.sa.edu.au parent 3128 0 no-query default #our upstream proxy
> #which all users have to authenticate to to get past the firewall
> #hierarchy_stoplist cgi-bin ? #This stopped access to search engines
> #acl QUERY urlpath_regex cgi-bin \?
> #no_cache deny QUERY
> #I tried adding these lines to see if it would fix our problems
> acl DHTML urlpath_regex \.(jhtml|phtml|shtml) \.asp \? cgi-bin \.cgi \.pl
> #always_direct allow DHTML #The firewall prevents any direct access
> no_cache deny DHTML
>
> cache_mem 64 MB
> cache_swap_low 90
> cache_swap_high 95
> cache_dir ufs /usr/local/squid/cache 6000 32 512
> dns_nameservers 10.61.40.49 10.255.0.10 10.255.0.9
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl Curriculum src 10.61.40.0/255.255.248.0 #first local subnet
> acl Admin src 10.58.60.0/255.255.255.0 #second local subnet
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow all Curriculum
> http_access allow all Admin
> http_access deny all
>
> icp_access allow all
> miss_access allow all
> cache_mgr imoore@hamcoll.sa.edu.au
> visible_hostname xxxxx.hamcoll.sa.edu.au
> cachemgr_passwd xxxxx info stats/objects
>
> The new version mostly works, but has trouble with some sites. I had to
> comment out the hierarchy_stoplist cgi-bin ? line to get search engines
> to work. There are other sites that still won't work though.
>
> One is www.whitepages.com.au
>
> The page comes up, but if I search for a number, the results never
> appear, I get a request timed out message:
>
> ERROR
> The requested URL could not be retrieved
> While trying to retrieve the URL:
> http://www.whitepages.com.au/wp/search/results.jhtml?
> The following error was encountered:
> Connection Failed
> The system returned:
> (60) Operation timed out
> The remote host or network may be down. Please try the request again.
>
> Another site that won't work is logging onto the cisco academy site.
> The timeout page for it is:
>
> ERROR
> The requested URL could not be retrieved
> While trying to retrieve the URL:
> http://cisco.netacad.net/cnacs/prot-doc/index.shtml
> The following error was encountered:
> Connection Failed
> The system returned:
> (60) Operation timed out
> The remote host or network may be down. Please try the request again.
>
> There seems to be some problem with .shtml and .jhtml pages? (Both sites
> work if I don't use our proxy server).
> I've had a look thru' the archives and FAQ but can't find any solutions.
> Any ideas anyone?
>
> Cheers,
> --
> Ian Moore
Received on Fri Mar 29 2002 - 04:24:02 MST
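
The Squid FAQ entry the reply points to uses the never_direct access list to force requests through a parent cache when the firewall blocks direct connections. The fragment below is an added example, not part of either message: it sets the posted lines beside that change. It assumes the firewall blocks every direct outbound connection from the Squid host, and the INSIDE acl and its domain are hypothetical.

```conf
# --- As posted: a parent is declared, but nothing forces Squid to use it ---
cache_peer proxy.hamcoll.sa.edu.au parent 3128 0 no-query default
#always_direct allow DHTML        # commented out: the firewall blocks direct access
no_cache deny DHTML               # only controls caching, not where the request is sent

# --- Behind a firewall: forbid direct connections so every request goes to the parent ---
acl all src 0.0.0.0/0.0.0.0       # already defined in the posted config
never_direct allow all

# --- Optional exception (hypothetical domain): internal servers that Squid
#     can reach without the parent. always_direct is evaluated before never_direct. ---
acl INSIDE dstdomain .internal.example
always_direct allow INSIDE
```

With never_direct in place, a request the parent cannot serve fails with an error from the forwarding path instead of a direct connection attempt that times out at the firewall.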
