Hi
I have an Ubuntu Feisty box running squid:
ii squid 2.6.5-4ubuntu2 Internet Object Cache (WWW proxy cache)
And I get these non-SSL ports denied as SSL ports:
<snip>
2007/06/10 22:07:37| aclCheck: checking 'http_access deny CONNECT
!SSL_ports'
2007/06/10 22:07:37| aclMatchAclList: checking CONNECT
2007/06/10 22:07:37| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2007/06/10 22:07:37| aclMatchAclList: checking !SSL_ports
2007/06/10 22:07:37| aclMatchAcl: checking 'acl SSL_ports port 443 563
# https, snews'
2007/06/10 22:07:37| aclMatchAclList: returning 1
2007/06/10 22:07:37| aclCheck: match found, returning 0
2007/06/10 22:07:37| cbdataUnlock: 0x82adec0
2007/06/10 22:07:37| aclCheckCallback: answer=0
2007/06/10 22:07:37| cbdataValid: 0x85e0b50
2007/06/10 22:07:37| The request CONNECT 209.204.61.7:4000 is DENIED,
because it matched 'SSL_ports'
2007/06/10 22:07:37| Access Denied: 209.204.61.7:4000
2007/06/10 22:07:37| AclMatchedName = SSL_ports
2007/06/10 22:07:37| Proxy Auth Message = <null>
2007/06/10 22:07:37| storeCreateEntry: '209.204.61.7:4000'
2007/06/10 22:07:37| new_MemObject: returning 0x8ce8a68
</snip>
Other ports are in the range 1025-6000 and are getting the same problem.
My squid.conf below. Any tips appreciated.
0 root@kontiki:/etc/squid#grep -v ^\# squid.conf|grep .
http_port 10.0.0.1:3128 transparent
http_port 127.0.0.1:3128
cache_peer proxy.aims.ac.za parent 3128 0 no-query
cache_peer_domain proxy.aims.ac.za !.aims.ac.za
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
debug_options ALL,1
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl our_networks src 10.0.0.0/8
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname kontiki.aims.ac.za
forwarded_for off
acl aims dstdomain .aims.ac.za
no_cache deny aims
always_direct allow aims
acl kontiki dst 10.0.0.1/32
no_cache deny kontiki
always_direct allow kontiki
never_direct allow all
coredump_dir /var/spool/squid
regards,
Jan
-- .~. /V\ Jan Groenewald /( )\ www.aims.ac.za ^^-^^Received on Mon Jun 11 2007 - 05:55:29 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT