Re[2]: [squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid

From: LeKeiserAmen <LeKeiser@dont-contact.us>
Date: Thu, 24 Nov 2005 01:12:48 +0100

Hello Chris,

Wednesday, November 23, 2005, 9:59:54 PM, you wrote:

CR> The CONNECT method is only allowed to ports 443, 563 and 873
CR> (deny CONNECT, unless it's to a port listed in SSL_Ports). If you add...

CR> acl SSL_Ports port 12000 # Webmin

CR> ...to your ACL list you would be set. Even better would be to
CR> define your Webmin host, and allow it specifically. Instead of adding the above, add...

CR> acl webmin_host dstdomain webmin.mynet.dom
CR> acl webmin_port port 12000
CR> http_access allow CONNECT webmin_host webmin_port
CR> http_access deny CONNECT !SSL_ports # Existing line

CR> Chris

I tried what you suggested, it didn't work :(

Here are my ACLs:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 192.168.1.0/255.255.255.255
acl to_localhost dst 127.0.0.0/8 192.168.1.0/255.255.255.255

acl our_network src 192.168.1.0/25

acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 12000 #Webmin
acl webmin port 12000
acl SSL_ports port 12000 # see ssl
acl purge method PURGE
acl CONNECT method CONNECT

And my HTTP_ACCESS:

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge

http_access allow webmin
http_access allow CONNECT webmin

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow our_network
http_access allow localhost

http_access deny all

I get the error:
1132791052.505 11 192.168.1.10 TCP_MISS/200 2269 CONNECT 192.168.1.1:12000 - DIRECT/192.168.1.1 -
1132791052.584 10 192.168.1.10 TCP_MISS/200 2189 CONNECT 192.168.1.1:12000 - DIRECT/192.168.1.1 -

When I open my browser and choose Webmin, I get the certificate
window. Then the error: Error - Access denied for 192.168.1.1

Thanks for your help :)

-- 
Best regards,
LeKeiserAmen  
mailto: LeKeiser@lekeiser.com
Received on Wed Nov 23 2005 - 17:14:43 MST
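
Added example, not part of the original message and not Squid code: a small Python model of first-match http_access evaluation, run over the rules posted in the message and over the host-pinned rule from the quoted suggestion. The request fields, the client 203.0.113.7 and host.example are constructed, and the model matches destinations as plain strings, so the Webmin host is requested by name in the pinned case.

```python
import ipaddress

def acls(ssl_ports):
    """ACLs from the message that http_access uses, as predicates on a request dict."""
    safe = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777, 631, 873, 901, 12000}
    lan = ipaddress.ip_network("192.168.1.0/25")
    return {
        "all": lambda r: True,
        "manager": lambda r: r["proto"] == "cache_object",
        "purge": lambda r: r["method"] == "PURGE",
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "webmin": lambda r: r["port"] == 12000,
        "webmin_port": lambda r: r["port"] == 12000,
        "webmin_host": lambda r: r["dst"] == "webmin.mynet.dom",  # simplified dstdomain
        "Safe_ports": lambda r: r["port"] in safe or 1025 <= r["port"] <= 65535,
        "SSL_ports": lambda r: r["port"] in ssl_ports,
        "our_network": lambda r: ipaddress.ip_address(r["src"]) in lan,
        "localhost": lambda r: r["src"] in ("127.0.0.1", "192.168.1.0"),
    }

HEAD = ["allow manager localhost", "deny manager", "allow purge localhost", "deny purge"]
TAIL = ["deny !Safe_ports", "deny CONNECT !SSL_ports",
        "allow our_network", "allow localhost", "deny all"]
POSTED = HEAD + ["allow webmin", "allow CONNECT webmin"] + TAIL   # rules in the message
PINNED = HEAD + ["allow CONNECT webmin_host webmin_port"] + TAIL  # quoted suggestion

def evaluate(rules, table, req):
    """First http_access line whose ACLs all match decides; ACLs on a line are ANDed."""
    for line in rules:
        action, *names = line.split()
        if all(table[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    return "deny", None  # not reached: both rule sets end in 'deny all'

def request(src, dst, port=12000, method="CONNECT", proto=None):
    return {"src": src, "dst": dst, "port": port, "method": method, "proto": proto}

# Constructed requests: the one from the log, the same client by name, an outside client.
logged = request("192.168.1.10", "192.168.1.1")
by_name = request("192.168.1.10", "webmin.mynet.dom")
outside = request("203.0.113.7", "host.example")
posted_acls = acls({443, 563, 873, 12000})  # SSL_ports as posted
pinned_acls = acls({443, 563, 873})         # SSL_ports left without 12000

if __name__ == "__main__":
    for name, rules, table, req in (("logged/posted", POSTED, posted_acls, logged),
                                    ("outside/posted", POSTED, posted_acls, outside),
                                    ("by_name/pinned", PINNED, pinned_acls, by_name),
                                    ("outside/pinned", PINNED, pinned_acls, outside)):
        print(name, evaluate(rules, table, req))
```

In this model the posted rules allow the logged CONNECT at `allow webmin`, which agrees with the TCP_MISS/200 entries in the log, and the same line also allows a client outside 192.168.1.0/25 to reach port 12000 on any destination. The pinned rule set allows only CONNECT to the named Webmin host and denies the outside request at `deny CONNECT !SSL_ports`.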
