[squid-users] simple question Installed squid right now all internet access is blocked
Amos Jeffries
squid3 at treenet.co.nz
Thu Aug 16 12:31:34 UTC 2018
On 16/08/18 23:50, Antony Stone wrote:
> On Thursday 16 August 2018 at 13:36:50, Alex Crow wrote:
>
>> If it's an internal/RFC1918 IP then it makes no difference to your
>> security in telling the list.
>
> Just in case you (Oldman) don't understand this reference, it's a document
> which explains in far more detail than I just did what a private IP address
> is.
>
> https://tools.ietf.org/html/rfc1918
>
> You might find https://en.wikipedia.org/wiki/Private_network a little more
> accessible.
>
>> If it's a public IP address then I hope you have your squid firewalled off
>> from the internet.
>
> Hear hear.
>
>> If you at least paste your access.log and cache.log it will help.
>
> Agreed.
If it helps, I do not think the Squid IP is necessary at this point. The
error message happening shows the Browser is successfully contacting the
proxy. It just not permitted through.
Oldman:
if you really don't want to reveal any of your IPs at all you can
replace them in the published details with a placeholder value. So long
as you pick a unique placeholder for each IP and use them consistently
through the discussion. So we can a) see clearly when two different IPs
are occuring (eg to point out when they should be the same etc.).
If you still don't want to say. Then all we can do is point you at the
FAQ about how to write access controls. Maybe it will teach you how to
write the necessary rules yourself.
<https://wiki.squid-cache.org/SquidFaq/SquidAcl>
see particularly the sections above "How do I allow my clients to use
the cache?".
That FAQ says (what I think is) the solution to your problem, but the
sections above the answer are needed to understand what values need
entering into *your* particular squid.conf which may differ from the FAQ
answer.
As Anthony said the 172.* IPs are already allowed in the default config
so a simple cut-n-paste of the FAQ example text into your squid.conf at
"INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS" won't
change anything.
HTH
Amos
More information about the squid-users
mailing list