[squid-users] squidcliente stopped working!
sameh.onaissi at solcv.com
Mon Dec 19 20:52:02 UTC 2016
> On Dec 19, 2016, at 1:31 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Monday 19 December 2016 at 17:44:11, Sameh Onaissi wrote:
>> I was using squid client to get cache stats, however this morning it
>> completely stopped working.
>> <center><img src="http://mydomainname.com/squid/access_denied.jpg"
>> alt="Acceso Denegado" style="width:704px;height:428px;"></center>
>> the html code is the code of my redirect page whenever a client tries to
>> access a blacklisted website.
> How big is your blacklist? Could you show us what's in it?
> Have you added the proxy itself to the whitelist?
The blacklist consistes of the ads, porn, socialnet and spyware lists of the BL list.
I added both LAN and WAN IPs of the server to the whitelist but didn’t help.
So, I changed my default acl setting in squid guard config file to pass all for now (I know it is not ideal), just to monitor the cache as I am trying to get the HIT ratio up. (currently only at 7.8%)
squid guard config: pastebin.com/bbe8CWLE
>> squid.conf: http://pastebin.com/TQ8H6bRp
> Quote from your config:
> acl Safe_ports port 587 #SMTP
> Did you read Amos' reply "SMTP is the #1 worst protocol to let anywhere near
> an HTTP proxy. Preventing what you have allowed to happen is one of the
> primary reasons Safe_ports exists in the first place!”
The reason I allow 587 is because the Squid Proxy lives on the same server as a mail server which needs this port, and several clients have their mail clientes (Outlook..etc) already configured to use this port.
> By the way, what did you have to fix to prevent those public IP addresses being
> able to access your Squid proxy?
I basically let them get blocked by squid for a day or two and they stopped. I just allowed LAN source IPs.
> Pavlov is in the pub enjoying a pint.
> The barman rings for last orders, and Pavlov jumps up exclaiming "Damn! I
> forgot to feed the dog!"
> Please reply to the list;
> please *don't* CC me.
> squid-users mailing list
> squid-users at lists.squid-cache.org
More information about the squid-users