I've got a squid proxy running in transparent mode with an AUP on a "public" wireless network which is separated from our private network. We run a local webserver here and found that users get the AUP and cannot click past it when attempting to get to the local web server.
Without using the proxy I can connect just fine to the web server from the squid server so I know they can see each other.
Everything else works great.
I tried setting up an ACL with localweb (seen in the config below) but that didn't allow it through.
Weird thing is that when I try hitting the local web server, I don't see anything in the squid access.log file, which makes me believe that squid isn't even seeing the traffic for some reason.
squid config:
# Credentials past their TTL are removed from memory
#authenticate_ttl 0 seconds
# TAG: acl
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl to_localbox dst 192.168.80.5/32
acl localweb dst 84.8.132.1/32
follow_x_forwarded_for allow localhost
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
external_acl_type session ttl=300 children=1 negative_ttl=0 concurrency=200 %SRC /usr/lib/squid/squid_session -t 1800
acl session external session
acl localnet src 192.168.80.0/23 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow localweb
http_access allow to_localbox
deny_info http://192.168.80.5/index.php?url=%s session
http_access allow session
http_access allow SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !session
http_access deny !Safe_ports
Received on Thu Apr 08 2010 - 14:50:22 MDT
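Added example (not part of the original post, and not Squid's own code): a small Python model of Squid's first-match http_access evaluation, run over the ACLs and rule order posted above, to check which line decides a given request. It assumes the session helper's verdict is passed in as a boolean, models only the dst, port, method and external ACL types, and uses hypothetical request fields (dst, port, method, session).

```python
import ipaddress

# Subset of the posted squid.conf: the ACLs used by http_access, same rule order.
CONF = """
acl to_localbox dst 192.168.80.5/32
acl localweb dst 84.8.132.1/32
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
acl session external session
http_access allow localweb
http_access allow to_localbox
http_access allow session
http_access allow SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !session
http_access deny !Safe_ports
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        f = line.split()
        if f[0] == "acl":
            acls.setdefault(f[1], (f[2], []))[1].extend(f[3:])
        else:
            rules.append((f[1], f[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, vals = acls[name]
    if kind == "dst":
        return any(ipaddress.ip_address(req["dst"]) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        spans = [tuple(map(int, v.split("-"))) for v in vals]
        return any(s[0] <= req["port"] <= s[-1] for s in spans)
    if kind == "method":
        return req["method"] in vals
    return req["session"]  # external helper verdict, supplied by the caller (assumption)

def decide(req, conf=CONF):
    """Return (action, rule_number) for the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        if all(acl_matches(acls, x.lstrip("!"), req) != x.startswith("!") for x in names):
            return action, n
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None
```

In this model a request to 84.8.132.1 without a session is allowed by the first http_access line, so the ACL order as posted would not send it to the AUP page if Squid received it. The same evaluation shows that any request to port 443 is allowed by line 4 before the session check on line 6.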