Hi again,
just to clarify my situation a little further. Traffic flows like this:
Internet -> router (203.96.59.39) -> squid box (203.96.63.240) ->
destination server (10.10.10.148).
The weird thing is that the access log error shows the squid box's IP
for the POST when I try to log in, not the router address like the rest
of the traffic.
Could someone tell me if they have a method for deriving rules based on
access.log entries? That is, if the access log says:
1110344006.301 0 203.96.63.240 TCP_DENIED/403 1480 POST
http://www.public.domain/user/login - NONE/- text/html
Can a rule that permits this particular traffic be derived?
Once again, your help will be appreciated! I know it adds to bloat, but
here are my config files sans comments and empty lines:
squid.conf:
http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_dir null /tmp
hosts_file /etc/hosts
redirect_program /usr/lib/squid/jesred
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
no_cache deny all
acl my_site dstdomain .public.domain
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow my_site
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr sysadmin_email
visible_hostname squid.internal.cwa.co.nz
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
jesred.conf:
allow = /etc/jesred.acl
rules = /etc/jesred.rules
redirect_log = /var/log/squid/jesred-redirect.log
rewrite_log = /var/log/squid/jesred-rewrite.log
jesred.acl:
0.0.0.0/0
jesred.rules:
regexi ^http://www.public.domain/(.*) http://www.internal.server\1
/etc/hosts:
127.0.0.1 localhost.localdomain localhost
10.10.10.162 squid squid.internal.cwa.co.nz
The squid box has no public domain name. Thanks for reading!
Regards,
Paul
On Wed, 2005-03-09 at 18:18 +1300, Paul Dorman wrote:
> Hello everyone,
>
> I've been trying to solve this problem for several hours now (you know
> what that's like) without any progress.
>
> I've set up squid in accelerator mode to redirect traffic to a number of
> internal servers. I'm using jesred to do the redirection.
>
> In the following description various strings have been replaced to
> protect the identity of the site (we don't want people using it just
> yet :o) )
>
> I have an acl as follows:
>
> acl my_site dstdomain .public.domain
> http_access allow my_site
>
> Jesred is configured as follows:
>
> In jesred.acl I just have:
>
> 0.0.0.0/0
>
> to rewrite all URLs from all sources.
>
> In jesred.rules I have:
> regexi ^http://www.public.domain/(.*) http://internal.server/\1
>
> I can browse the server without any issue, but if I try to log in I get:
>
> 1110344004.115 997 203.96.59.39 TCP_MISS/404 7336 GET
> http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
> 1110344006.301 0 203.96.63.240 TCP_DENIED/403 1480 POST
> http://www.public.domain/user/login - NONE/- text/html
> 1110344006.301 2 203.96.59.39 TCP_MISS/403 1580 POST
> http://www.public.domain/user/login - DIRECT/<external address>
> text/html
> 1110344007.305 1003 203.96.59.39 TCP_MISS/404 7336 GET
> http://www.public.domain/favicon.ico - DIRECT/10.10.10.148 text/html
>
> So Squid is denying POST attempts. I've tried all sorts of things but
> always have the same result.
>
> What am I missing here? I can't see anything about this mentioned in
> FAQs or on Google, but I'm sure it's something really simple I've
> missed.
>
> Your help will be greatly appreciated!
>
> Cheers,
> Paul
>
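One way to approach the "derive a rule from an access.log entry" question, as an added example that is not from this thread: a small Python script that parses Squid's native access.log format and walks the http_access list from the squid.conf above in order, reporting the first line whose ACLs all match (Squid's first-match semantics). The ACL values and rule order are transcribed from the mail; the manager and purge lines are left out, and the sample log lines in the test are the ones quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Native access.log: time elapsed client action/code bytes method URL ident hier/peer type
LOG_RE = re.compile(r"^(\S+) +(\d+) +(\S+) +(\w+)/(\d+) +(\d+) +(\S+) +(\S+) +(\S+) +(\S+) +(\S+)$")

# ACLs and http_access order copied from the squid.conf in the mail (manager/purge lines omitted)
ACLS = {
    "all": ("src", ["0.0.0.0/0.0.0.0"]),
    "localhost": ("src", ["127.0.0.1/255.255.255.255"]),
    "SSL_ports": ("port", [443, 563, 873]),
    "Safe_ports": ("port", [80, 21, 443, 563, 70, 210, (1025, 65535), 280, 488, 591, 777, 631, 873, 901]),
    "my_site": ("dstdomain", [".public.domain"]),
    "CONNECT": ("method", ["CONNECT"]),
}
HTTP_ACCESS = [("deny", ["!Safe_ports"]), ("deny", ["CONNECT", "!SSL_ports"]),
               ("allow", ["localhost"]), ("allow", ["my_site"]), ("deny", ["all"])]

def parse_line(line):
    m = LOG_RE.match(line.strip())            # None for lines that are not 11 whitespace-separated fields
    if not m:
        return None
    method, url = m.group(7), m.group(8)
    if method == "CONNECT":                   # CONNECT lines log host:port without a scheme
        host, _, port = url.rpartition(":")
        port = int(port or 443)
    else:
        u = urlsplit(url)
        host = u.hostname or ""
        port = u.port or {"https": 443, "ftp": 21, "gopher": 70}.get(u.scheme, 80)
    return {"client": m.group(3), "action": m.group(4), "code": int(m.group(5)),
            "method": method, "host": host, "port": port, "url": url}

def acl_matches(name, req):
    kind, values = ACLS[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["client"]) in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        return any(req["port"] == v if isinstance(v, int) else v[0] <= req["port"] <= v[1] for v in values)
    if kind == "method":
        return req["method"] in values
    host = req["host"]                        # dstdomain: ".x" matches x itself and any subdomain of x
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)) for v in values)

def first_match(req):
    for action, terms in HTTP_ACCESS:         # "!acl" negates; a line matches only if every term matches
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, "http_access %s %s" % (action, " ".join(terms))
    return ("allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"), "(implicit default)"  # opposite of last line
```

For the TCP_DENIED POST line quoted above the walk ends at `http_access allow my_site`, so under this model the http_access list by itself does not account for the 403; the native log records the client and URL but not which check denied the request.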
Received on Wed Mar 09 2005 - 11:21:40 MST