Re: [squid-users] Help getting to work squid in accel mode, newbie. Access control configuration prevents your request from being allowed at this time.

Hello,

I have revised my config and included the lines as the wiki Reverse
Proxy suggested, however Iam now recieving a "Endless Loop" error from
the browser and will not display the site.

Below is the config Iam using without the squid comments.

http_port 80 accel defaultsite=protected_domain.com
                     ## MODIFIED LINE
cache_peer <protected.ip> parent 80 0 no-query originserver
name=myAccel ## MODIFIED LINE

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl our_sites dstdomain protected_domain.com # included before
any other http_access as instructed
http_access allow our_sites #
included before any other http_access as instructed
cache_peer_access myAccel allow our_sites # included before
any other http_access as instructed
cache_peer_access myAccel deny all # included before
any other http_access as instructed

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
hierarchy_stoplist cgi-bin ?
access_log /var/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/squid/cache

Help is appreciated.

Andres

On Mon, Jul 27, 2009 at 11:17 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
> On Mon, 27 Jul 2009 22:43:11 -0500, Andres Salazar <ndrsslzr80_at_gmail.com>
> wrote:
>> Hello,
>>
>> iam using SQUID 2.7.STABLE3 and Iam trying to setup a reverse proxy
>> for my site whatwould.org , I have followed the instructions at:
>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>> and other internet toturials with no joy.
>>
>> The error Iam getting with that config is: Access control
>> configuration prevents your request from being allowed at this time.
>
> Part 1: highlighted note #1:
>
> "This configuration MUST appear at the top of squid.conf above any other
> forward-proxy configuration (http_access etc). Otherwise the standard proxy
> access rules block some people viewing the accelerated site."
>
> MUST == MUST!!
>
>>
>> The squid install resides on a different box then the real webserver.
>>
>> My configuration without comments is the following, help is much
>> appreciated!
>>
>>
>> acl all src all
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
>> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>> acl SSL_ports port 443
>> acl Safe_ports port 80          # http
>> acl Safe_ports port 21          # ftp
>> acl Safe_ports port 443         # https
>> acl Safe_ports port 70          # gopher
>> acl Safe_ports port 210         # wais
>> acl Safe_ports port 1025-65535  # unregistered ports
>> acl Safe_ports port 280         # http-mgmt
>> acl Safe_ports port 488         # gss-http
>> acl Safe_ports port 591         # filemaker
>> acl Safe_ports port 777         # multiling http
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access allow localnet
>> http_access deny all
>> icp_access allow localnet
>> icp_access deny all
>> http_port 80 accel defaultsite=whatwould.org
>> cache_peer 96.232.105.54 parent 80 0 no-query originserver name=myAccel
>> acl our_sites dstdomain whatwould.org
>> http_access allow our_sites
>> cache_peer_access myAccel allow our_sites
>> cache_peer_access myAccel deny all
>> hierarchy_stoplist cgi-bin ?
>> access_log /var/squid/logs/access.log squid
>> refresh_pattern ^ftp:           1440    20%     10080
>> refresh_pattern ^gopher:        1440    0%      1440
>> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
>> refresh_pattern .               0       20%     4320
>> acl apache rep_header Server ^Apache
>> broken_vary_encoding allow apache
>> coredump_dir /var/squid/cache
>>
>>
>>
>> Andres
>
Received on Tue Jul 28 2009 - 15:09:09 MDT