Agree with you on the meat of the problem.
But being an ISP handling millions of sites everyday
with multiple squids having the same config, it is
highly unlikely that it is due to the acl list. It is
just this site. Anyway I've checked and found nothing
that is likely to be the problem.
Can someone surf to this site by pointing your browser
to your squid box and let me know your result? Thanks.
------------------------------
#3 access list files
acl TP src
"/usr/local/squid-2.5.STABLE10-20050725/etc/TPsrc.acl"
acl SDeny src
"/usr/local/squid-2.5.STABLE10-20050725/etc/deny.acl"
acl SAllow src
"/usr/local/squid-2.5.STABLE10-20050725/etc/allow.acl"
#4 banned list files
acl SBA dstdomain
"/usr/local/squid-2.5.STABLE10-20050725/etc/SBA.txt"
#acl SBA2 dst
"/usr/local/squid-2.5.STABLE10-20050725/etc/SBA2.txt"
acl SBA3 url_regex
"/usr/local/squid-2.5.STABLE10-20050725/etc/SBA3.txt"
acl CNB dstdomain
"/usr/local/squid-2.5.STABLE10-20050725/etc/CNB.txt"
acl CNB2 url_regex
"/usr/local/squid-2.5.STABLE10-20050725/etc/CNB2.txt"
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 81 442 443 444 447 563 2425 8080
8443 9920
acl Danger_ports port 23 25 79 110 111 512 514 540
acl CONNECT method CONNECT
acl Gopher proto Gopher
http_access deny Gopher
http_access deny Danger_ports
http_access deny CONNECT !SSL_ports
http_access deny SDeny
http_access deny SBA
#http_access deny SBA2
http_access deny SBA3
http_access deny CNB
http_access deny CNB2
http_access allow SAllow
http_access allow TP
http_access deny all
http_reply_access allow all
--------------------------
Regards,
Tay
--- Chris Robertson <crobertson@gci.com> wrote:
> > > On 9/7/05, Tay Teck Wee
> <wolfpacks01@yahoo.com.sg>
> > > wrote:
> > > > Hi all,
> > > >
> > > > using squid, I am unable to access
> > > www.evangel.org.sg
> > > > but using NetCaches, there is no problem.
> > > >
> > > > Squid log entry:
> > > > 1126063099.644 63 165.21.88.31
> TCP_MISS/403
> > > 606
> > > > GET http://www.evangel.org.sg/ -
> > > DIRECT/203.127.19.66
> > > > text/html
> > > >
> > > >
> > > --- Mark Elsen <mark.elsen@gmail.com> wrote:
> > >
> > > Http 403 means : forbidden.
> > >
> > > Does it work , from a browser on the squid box
> > > (e.g.)
> > >
> > > M.
> > >
> >
> > -----Original Message-----
> > From: Tay Teck Wee
> [mailto:wolfpacks01@yahoo.com.sg]
> > Sent: Wednesday, September 07, 2005 12:02 AM
> > To: Mark Elsen
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] strange problem with
> www.evangel.org.sg
> >
> >
> > The only installed browser is lynx. No problem
> with
> > that.
> >
> > Also did this:
> > [squid]$telnet evangel.org.sg 80
> > Trying 203.127.19.66...
> > Connected to evangel.org.sg (203.127.19.66).
> > Escape character is '^]'.
> > GET /index.html HTTP/1.0
> >
> > HTTP/1.1 200 OK
> > Date: Wed, 07 Sep 2005 07:55:50 GMT
> > Server: Apache/2.0.49 (Unix) DAV/2
> mod_fastcgi/2.4.2
> > mod_ssl/2.0.49 OpenSSL/0.9.6i
> > ETag: "1d240-25f6-e7d24a80"
> > Accept-Ranges: bytes
> > Last-Modified: Wed, 07 Sep 2005 06:39:40 GMT
> > Content-Length: 9724
> > Content-Type: text/html; charset=ISO-8859-1
> > ETag: "1d240-25fc-cf182300"
> > Accept-Ranges: bytes
> > Connection: close
> > [truncated]
> >
> > I think the webserver is directing me to some
> > directory which should not be accessed(using
> > http://www.evangel.org.sg). Thus the reason for
> the
> > 403 error. But why is this happening only to Squid
> and
> > not to NetCaches? But when using just the IP
> > address(203.127.19.66) or w/o the www(as in
> > http://evangel.org.sg), its ok.
> >
> > Regards,
> > Tay
> >
>
> The whole thread about this webserver being broken
> is a red herring. The meat of the problem is Squid
> can surf to this site via the IP address, or the
> FQDN without the www. Read up on ACLs
> (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html),
> use the debugging options and see what that tells
> you. I'd have to guess the problem lies with your
> squid.conf.
>
> Chris
>
__________________________________
Meet your soulmate!
Yahoo! Asia presents Meetic - where millions of singles gather
http://asia.yahoo.com/meetic
Received on Wed Sep 07 2005 - 19:22:03 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT