Squid

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
I've set up Squid on a small machine I have sat here. I can't seem to get it to allow me access though. I believe I'm correct with these settings in the squid conf file.

Code:
acl allowed_hosts src 10.50.0.0/16
http_access allow allowed_hosts
http_access deny all

I'm using a class B subnet (10.50.x.x/255.255.0.0)

Anyone spot a mistake?

access.log says:

Code:
1105296126.545    344 10.50.0.11 TCP_DENIED/403 1339 GET http://www.google.co.uk/ - NONE/- text/html
 

Athan

Resident Freddy
Joined
Dec 24, 2003
Messages
1,063
Other than subnet used the only substantial difference I can see between your config and mine is that you're using network/XX notation and I'm using network/netmask notation.

i.e. 10.50.0.0/16 versus 10.50.0.0/255.255.0.0

Although a quick look at the Squid FAQ says that network/XX should indeed work.

Sure you've restarted/reloaded the squid since the config change?

-Ath
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
I've also tried 255.255.0.0.
Yes, I've reloaded. I've read many a site which all are just about making sure you've got the correct acl added. I've tried so many variations but all are access denied. Only thing I can think left to try is to maybe stick me on the 10.50.2.x range and change it to a class C subnet. My PC is currently 10.50.0.5.
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
Question though. If I change

http_access deny all

to

http_access allow all

Would this allow anyone through? If so, mine won't :(
Makes me think there's something else in the config. I would paste the whole config but it wouldn't fit on here.
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,925
What happens when you turn the deny and allow rules around? i.e. deny from * first, then allow from someIP?
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
So you mean

Code:
http_access deny all
acl allowed_hosts src 10.50.0.0/16
http_access allow allowed_hosts

?

So the manual says the very last command for the access section should be the deny all command. I could try it later, not at home atm though.
 

Athan

Resident Freddy
Joined
Dec 24, 2003
Messages
1,063
All the allows and then the global deny last IS correct.

The fact that changing the global deny to a global allow doesn't change anything makes me think your squid isn't even using THAT config file. If it was me I'd run it with strace to see exactly what file it was opening and parsing :p. You can try running:
Code:
strings `which squid` | grep squid.conf
This quickly shows it to be /etc/squid.conf on my machine (Debian 3.0/Woody box).

HTH,

-Ath
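
An added example, not part of the thread and not Squid's own code: a simplified Python model of how an ordered `http_access` list is evaluated, run against the config and access.log line posted above. It assumes only `src` ACLs, treats `all` as predefined, and the names `verdict` and `check_log_line` are hypothetical. If the posted config should allow the client but the log shows a denial, the running Squid is not reading that file.

```python
import ipaddress

# Config and log line as posted in the thread.
POSTED_CONF = """\
acl allowed_hosts src 10.50.0.0/16
http_access allow allowed_hosts
http_access deny all
"""
LOG_LINE = ("1105296126.545    344 10.50.0.11 TCP_DENIED/403 1339 "
            "GET http://www.google.co.uk/ - NONE/- text/html")

def parse_conf(text):
    """Collect 'acl NAME src ...' networks and the ordered http_access rules."""
    # Assumption: 'all' is predefined as every IPv4 address.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    rules = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # ip_network accepts both /16 and /255.255.0.0 notation.
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def verdict(conf_text, client_ip):
    """Return 'allow' or 'deny' the way the ordered rule list decides it."""
    acls, rules = parse_conf(conf_text)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # Every ACL on a line must match; a leading '!' negates one.
        # An undefined ACL name raises KeyError.
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action  # first matching line wins, later lines are ignored
    if not rules:
        return "deny"
    # No line matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

def check_log_line(conf_text, log_line):
    """Compare what the config should decide with what access.log recorded."""
    fields = log_line.split()
    client, logged = fields[2], fields[3]
    expected = verdict(conf_text, client)
    consistent = (expected == "deny") == logged.startswith("TCP_DENIED")
    return client, expected, consistent

if __name__ == "__main__":
    print(check_log_line(POSTED_CONF, LOG_LINE))
```

The same model shows why putting `http_access deny all` first denies every client: the first matching line decides, so the later allow is never reached.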
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
I'll try that command later. Thanks Athan.
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
302
/etc/squid/squid.conf

Bugger... I've been editing /usr/local/squid/etc/squid.conf :(
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,925
lol that wouldn't be a first ;) Find all of them and hard / softlink them to a protected original file. We have an app at work that stupidly demands to have its config file in three places or somesuch. Total idiocy.
 
