RE: [squid-users] Fedora

From: Gustavo Lazarte <glazarte_at_hurdit.com>
Date: Mon, 15 Sep 2008 20:42:34 -0400

I upgraded and now when I am trying to use my squid server to send traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.

I also get the Warning cannot write the log file Permission denied.

Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
Permission denied. I use the user nobody for
cache_effective_user

/usr/local/squid/sbin/squid -z runs correctly

Thanks

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Saturday, September 13, 2008 11:39 AM
To: Gustavo Lazarte
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Fedora

Gustavo Lazarte wrote:
> I got the service working. Now my old configuration from version 2.4 is not working on 3.0 Stable 2.

Please do not use 3.0.stable2 under any circumstances. It does not
perform authentication in any meaningful manner.

For you should use something 3.0.stable7+

3.0.stable9 is just out with the most current stability fixes..

> In theory the traffic was coming from a load balancer and hit the Proxy server. The proxy server then will request 10.2.0.140 for the content.
>
> When I try to start the service with my old configuration is having problems with the following lines, is the syntax different?
>
> acl all src 0.0.0.0/0.0.0.0 ***warning***
> | acl manager proto cache_object
> | acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
> | 127.0.0.0/8 acl ssl_ports ports 443 563 acl safe_port port 80 acl
> | safe_port ....
> | acl connect method connect
> | acl mylan src 127.0.0.1 ***Fatal Error***
> | acl mysites 10.2.0.140 *** Fatal Error***
> |
> | http_access allow manager localhost
> | http_access deny manager
> | http_access deny !safe_port
> | http_access deny to_localhost
> | http_access allow mysites
> | http_access deny all
> |
> | http_reply_access allow MYLAN ***Fatal Error***
> | http_reply_access allow all
>
> Even with the default config I am not able to telnet to port 80 on the squid server.

Correct. If squid cannot read it's config it wont be able to start
operating.

Use a newer version, and please indicate what the warning messages are.
My informed guess is listed below

  acl all src ...
** fully built-in now. no need to specify.

acl mylan src 127.0.0.1
  ** weird, check that line for extra text or invisible binary
characters. same for the other src one.

http_reply_access allow MYLAN
http_reply_access allow all

** earlier failure of src ACL above may cause this
** only the allow all is needed.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Tue Sep 16 2008 - 00:42:49 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 16 2008 - 12:00:03 MDT