Re: [squid-users] Chat Apps getting blocked from Amos Jeffries on 2008-04-21 (squid-users)

From: Amos Jeffries <squid3@dont-contact.us>
Date: Tue, 22 Apr 2008 01:13:49 +1200

Odhiambo Washington wrote:
> Hello List,
>
> I copycat(ed) a squid.conf from this list a few days ago and did
> minimal config mods just to allow my network to use it. It works great
> with youtube caching, but stranegly, it blocks MSN/Yahoo chats, but I
> sincerely cannot see where this is happening. The file can be access
> from the following URL:
>
> https://212.22.160.35/~wash/squid.conf.txt
> (I use a self-signed certificate, so please just accept it)
>
> I get the following in the access log:
>
> 1208510066.248 7255 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.110.28:1863 - NONE/- text/html
> 1208510066.726 7850 192.168.0.150 TCP_DENIED/403 1422 CONNECT
> 207.46.110.89:1863 - NONE/- text/html
> 1208510100.571 847 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.110.94:1863 - NONE/- text/html
> 1208510119.339 28 192.168.0.150 TCP_DENIED/403 1422 CONNECT
> 207.46.110.94:1863 - NONE/- text/html
> 1208510173.114 853 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.108.13:1863 - NONE/- text/html
> 1208510216.270 668 192.168.0.150 TCP_DENIED/403 1422 CONNECT
> 207.46.108.85:1863 - NONE/- text/html
> 1208510300.314 852 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.108.97:1863 - NONE/- text/html
> 1208510347.723 853 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.108.86:1863 - NONE/- text/html
> 1208510371.584 823 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.108.66:1863 - NONE/- text/html
> 1208510408.981 20 192.168.0.150 TCP_DENIED/403 1422 CONNECT
> 207.46.108.97:1863 - NONE/- text/html
> 1208510413.535 1673 192.168.0.106 TCP_DENIED/403 1422 CONNECT
> 207.46.108.93:1863 - NONE/- text/html
> 1208510488.270 19 192.168.0.106 TCP_DENIED/403 1438 CONNECT
> messenger.hotmail.com:1863 - NONE/- text/html
> 1208510609.843 0 192.168.0.117 TCP_DENIED/403 1426 CONNECT
> talk.google.com:5222 - NONE/- text/html
> 1208510609.844 0 192.168.0.117 TCP_DENIED/403 1430 CONNECT
> scs.msg.yahoo.com:5050 - NONE/- text/html
> 1208510616.495 0 192.168.0.117 TCP_DENIED/403 1426 CONNECT
> talk.google.com:5222 - NONE/- text/html
> 1208510617.057 1 192.168.0.117 TCP_DENIED/403 1430 CONNECT
> scs.msg.yahoo.com:5050 - NONE/- text/html
> 1208510637.734 20 192.168.0.106 TCP_DENIED/403 1438 CONNECT
> messenger.hotmail.com:1863 - NONE/- text/html
> 1208510643.865 31 192.168.0.106 TCP_DENIED/403 1438 CONNECT
> messenger.hotmail.com:1863 - NONE/- text/html
> 1208510676.014 0 192.168.0.117 TCP_DENIED/403 1430 CONNECT
> scs.msg.yahoo.com:5050 - NONE/- text/html
<snip>
>
> Where in the acls is this coming from?
>

You have:
http_access deny CONNECT !SSL_ports

If you really want to allow the chat programs out, then you will need to
add an acl for their domain/ports and allow CONNECT for them.

Amos

-- 
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

Received on Tue Apr 22 2008 - 12:37:05 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT