Hello people,
after few hours of searching I forced to ask, because I haven't found
answer. Maybe because port 8080 is commonly used for proxy itself.
But the problem is "simple". Clients behind proxy can't reach any site
on non standard port (8080 for example). Everytime browser tell "ERROR,
the requested URL could not be retrieved" with (111) Connection refused.
Iam using Squid3 at SLES
In access log I see only
TCP_MISS/503 4621 GET
http://o6.nyx.cz:8080/pulse/nyxMUTANTIKf8d715ba1ff5b0f9941495f42f62de51/nyxtopic11879
<USER> DIRECT/62.24.64.52 text/html
It is not difference between authenticated or user using direct connect.
Even with "http_access allow all" doing the same.
I don't think that is neccessary to post config, but just to be complete:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl SSL_ports port 1494
acl SSL_ports port 2598
acl Safe_ports port 8080
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl IM port 5222
acl IM port 5190
acl IM port 1533
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports !IM
http_access allow localhost
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param negotiate program /usr/sbin/negotiate_kerb_auth -d -s
GSS_C_NO_NAME
auth_param negotiate program /usr/sbin/squid_kerb_auth -d
auth_param negotiate children 30
auth_param negotiate keep_alive on
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 30
auth_param basic realm <REALM>
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 0 seconds
acl AuthorizedUsers proxy_auth REQUIRED
external_acl_type group ttl=3600 children=5 %LOGIN
/usr/sbin/wbinfo_group.pl
include /etc/squid/acl/definice/*.acl
include /etc/squid/acl/pravidla/*.acl
access_log /var/log/squid/access.log squid
http_access allow all AuthorizedUsers
http_access deny all
log_access allow all
log_access deny premium
#==== DON'T TOUCH BELOW !!! ===========
icp_access allow localnet
icp_access deny all
ignore_expect_100 on
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 40 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/cache/squid 10000 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_swap_low 90
cache_swap_high 95
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
ftp_passive on
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320
connect_timeout 2 minutes
client_lifetime 1 days
cache_mgr <email>
error_directory /etc/squid/errors
coredump_dir /var/cache/squid
Jirka
Received on Tue Apr 03 2012 - 13:42:11 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 03 2012 - 12:00:02 MDT