RE: [squid-users] access denied with squid-3.0

From: Brian Phillips <brian.phillips@dont-contact.us>
Date: Wed, 4 Jan 2006 11:39:02 -0700

You are getting an "access denied" because in the squid.conf of your acept-2
machine, you need the lines:

acl acept2 src 192.168.1.31/32
http_access allow acept2

In between these lines:

acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhosts

Final config would be:

acl localhost src 127.0.0.1/255.255.255.255
acl acept2 src 192.168.1.31/32
http_access allow acept2
http_access allow localhost
http_access deny all

As for where squid pulls the ip address of the machine, I think in the
access.log it actually pulls the ip address of the requesting machine, and
only does a lookup if you want to see hostnames in your log file, rather
than ip addresses. You should probably tell us how you are initiating these
connections to the proxy, and if you are using any type of redirection like
iptables or the like.

Brian

-----Original Message-----
From: Maria Dolores [mailto:mshk@caton.es]
Sent: Wednesday, January 04, 2006 3:40 AM
To: squid-users@squid-cache.org
Subject: [squid-users] access denied with squid-3.0

Greetings,

I have installed squid-3.0 with squidGuard-1.2.0 in two different linux
systems, the configuration of squid in both is identical.
In one of them squid works properly; in the other I obtain the message
'ERROR ... Access denied' when I try to access the web through the
proxy.
No error message is shown in the squid logs in the second system;
the only difference I have observed is in the access.log file:

In the first system the messages in this file are:
113... 470 127.0.0.1 TCP_REFRESH_MISS /....

In the second system the public IP of the host is shown instead of
127.0.0.1:
113... 0 192.168.1.31 TCP_DENIED /403 ....

The file /etc/hosts in the first machine (acept) looks like this:
127.0.0.1 acept localhost
In the second machine (acept-2) this line was:
127.0.0.1 localhost.localdomain localhost acept-2
I have changed this line to:
127.0.0.1 acept-2 localhost
However the messages in access.log continue showing the public IP and
the problem persists.

What could this error be due to? Where does squid obtain the IP of the
machine?

The squid.conf file's content in both systems is:
        http_port 3128 transparent
        hierarchy_stoplist cgi-bin ?
        acl all src 0/0
        no_cache deny all
        cache_dir null /tmp
        access_log /usr/squid/var/logs/access.log
        cache_log /usr/squid/var/logs/cache.log
        cache_store_log /usr/squid/var/logs/store.log
        hosts_file /etc/hosts
        redirect_program /usr/squidGuard/bin/squidGuard -c /usr/squid/etc/squidGuard.conf
        redirect_children 4
        refresh_pattern ^ftp: 1440 20% 10080
        refresh_pattern ^gopher:1440 0% 1440
        refresh_pattern . 0 20% 4320
        acl localhost src 127.0.0.1/255.255.255.255
        http_access allow localhosts
        http_access deny all
        http_reply_access allow all
        icp_access allow all
        cache_effective_user squid
        cache_effective_group squid
        visible_hostname acept
        coredump_dir /usr/squid/var/cache

Thanks
        Maria D.
Received on Wed Jan 04 2006 - 11:39:09 MST
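
As an added example (not part of either message, and not Squid's own code), here is a small Python model of how `acl ... src` and `http_access` lines decide a request, run against constructed configs built from the lines quoted in the thread. The names `parse`, `decide`, `POSTED` and `FIXED` are made up for this sketch; the sample spells the ACL name `localhost` on the allow line, and the sketch refuses to evaluate a config that names an undefined ACL rather than guess how Squid would treat it.

```python
import ipaddress

def _net(spec):
    # Squid accepts "0/0" and dotted netmasks; normalise the bare "0" address.
    addr, _, mask = spec.partition("/")
    addr = "0.0.0.0" if addr == "0" else addr
    return ipaddress.ip_network(f"{addr}/{mask or 32}", strict=False)

def parse(conf):
    """Collect `acl NAME src ...` and `http_access ...` lines, in file order."""
    acls, rules, undefined = {}, [], []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(_net(s) for s in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
            # An ACL must be defined above the rule that names it.
            undefined += [n.lstrip("!") for n in tok[2:] if n.lstrip("!") not in acls]
    return acls, rules, undefined

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for a client address: first matching rule wins."""
    acls, rules, undefined = parse(conf)
    if undefined:
        raise ValueError(f"undefined ACL name(s): {undefined}")
    ip = ipaddress.ip_address(client_ip)
    def hit(name):
        matched = any(ip in net for net in acls[name.lstrip("!")])
        return not matched if name.startswith("!") else matched
    for action, names in rules:
        if all(hit(n) for n in names):      # ACLs on one line are ANDed
            return action
    # No rule matched: Squid uses the opposite of the last rule (deny if none).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

# Constructed samples built from the lines quoted in the thread.
POSTED = """
acl all src 0/0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access deny all
"""
FIXED = POSTED.replace("http_access allow localhost",
    "acl acept2 src 192.168.1.31/32\nhttp_access allow acept2\nhttp_access allow localhost")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        for ip in ("127.0.0.1", "192.168.1.31"):
            print(label, ip, decide(conf, ip))
```

With the posted rules, a request logged with source 192.168.1.31 falls through to `http_access deny all`, which is the TCP_DENIED/403 line in the second system's access.log; the third element returned by `parse` lists any ACL name used on an `http_access` line without a matching `acl` definition above it.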
