Re: [squid-users] Help with accelerated site

From: <Adam_at_Gmail>
Date: Mon, 29 Mar 2010 02:39:24 +0100

Hi Amos,
Thanks again for your reply.
You asked me to remove the our_network ACL completely. I have done so; I
didn't even comment it out, I removed it.
I have commented out the # acl localnet 172.0.0....
I have commented out the # acl localnet 10.0.0.0/8
I have put my own localnet
acl localnet 192.168.1.0/32

http_access allow manager localhost
http_access deny manager
http_access allow localnet

right?

Now for 100% sure I will give it, as I said, a day or two and see how it goes.
For now everything seems to be working fine.
I will email you my website.
I have done what you suggested. Now if there's something you think I haven't
done, please let me know.
Thanks again
Regards
Adam

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: <squid-users_at_squid-cache.org>
Sent: Monday, March 29, 2010 1:22 AM
Subject: Re: [squid-users] Help with accelerated site

> On Mon, 29 Mar 2010 00:39:40 +0100, "Adam_at_Gmail" <adbasque_at_googlemail.com>
> wrote:
>> Hello Amos,
>> Thanks for your reply and suggestion
>>
>> I have just done what you suggested and I still couldn't access the
>> internet
>> from my local network
>> I completely removed "our_network" and the relevant http_access etc..
>> But couldn't access the internet
>>
>
> Part #1 of my sentence (cleaning out config garbage) completed.
>
> "You need to remove the "our_network" ACL completely"
>
> Part #2 of my sentence (how to enable access) apparently ignored.
>
> ... " and adjust the "localnet" ACL as per the default config
> instructions so that it only specifies your internal LAN IP address
> range(s)."
>
>
> Instead you went on and made up your own approach which complicates your
> setup A LOT and now requires you to juggle many other software
> configurations as well to make them all match the fancy squid.conf ...
>
>
>>
>> After that I did the following
>>
>> added an http_port 8080
>> to the config and up my clients could access the internet and I can still
>> access my backend server from the internet
>> So normally everything is working fine
>
> 100% sure about that?
>
> What is your public website name?
>
>
>>
>> I am not sure it's being wise to make squid listen on more than one port,
>
> ... not sure it's _wise_ ?!
>
> It's REQUIRED for safe security to run a different port for each type of
> input the proxy receives. When doing so firewall and squid.conf rules
> become very easy to understand and get correct without causing security
> breaches by accidental misconfiguration.
>
> What we have been trying to get you to do is properly set up "http_port 80
> accel vhost" to receive reverse-proxy mode traffic (public website) and
> "http_port 3128" to receive forward-proxy mode traffic (your LAN).
>
>
>> I'll keep a closer eye on it and see what will happen in the next day or
>> two.
>> Anyway this is for the benefit of anybody who finds themselves in the same or
>> similar situation
>> if you're forced to use http_port 3128 vhost (in order to access your
>> sites
>> from outside i.e. Internet)
>> This is if your sites are on the same webserver on a virtual host
>
> Nobody is ever forced to do this by Squid. You are no exception.
>
> Amos
Received on Mon Mar 29 2010 - 01:39:43 MDT
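
The two-listener layout Amos describes, as an added squid.conf sketch that is not part of the original thread: port 80 receives reverse-proxy traffic for the public website and port 3128 receives forward-proxy traffic from the LAN. The backend address 192.0.2.10, the site name www.example.com, the peer name "backend" and the 192.168.1.0/24 LAN range are assumed placeholders; the manager and localhost ACLs are assumed to come from the default config, as in the rules quoted in the thread.

```conf
# Combined form discussed in the thread: one port carrying both kinds of
# traffic, so every rule has to be correct for both at once.
#   http_port 3128 vhost

# --- Listener 1: reverse proxy (accelerator) for the public website ---
# Expose this port to the Internet at the firewall.
http_port 80 accel vhost

# Backend web server that actually hosts the site (placeholder address).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend

# Only requests for our own site name(s) may be sent to the backend.
acl our_sites dstdomain www.example.com
cache_peer_access backend allow our_sites
cache_peer_access backend deny all

# --- Listener 2: forward proxy for LAN clients ---
# Keep this port reachable from the internal network only at the firewall.
http_port 3128

# Internal LAN range only (assumed /24; use your own range).
acl localnet src 192.168.1.0/24

# --- Access rules: evaluated top to bottom, first match wins ---
http_access allow manager localhost
http_access deny manager

# Anyone may request the accelerated site.
http_access allow our_sites

# Only LAN clients may use the proxy to reach the rest of the Internet.
http_access allow localnet

# Everything else is refused, so the proxy is never open to outside clients.
http_access deny all
```

With the ports split this way, a request from outside for any domain other than the accelerated site matches neither allow rule and falls through to `http_access deny all`.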
