[squid-users] Squid - Can't visit (government site and Banking Site) - Please help
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon Apr 27 13:12:04 UTC 2020
On 27.04.20 07:31, russel0901 wrote:
>I made a new Config and upgrade to CentOS 8.1xxx and Squid 4.4
>
>STILL CAN'T VISIT THE WEBSITE (GOVT SITE AND BANKING SITES)
stop shouting...
what is your error message and what is the message in logs?
what do your clients have configured in browsers?
are you aware that your first access directive is "http_access allow all"
which makes you open proxy?
>This is my Squid.conf
>
>#
># Recommended minimum configuration:
>#
>
># Example rule allowing access from your local networks.
># Adapt to list your (internal) IP networks from where browsing
># should be allowed
>acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
>acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
>acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
>acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged)
>machines
>acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
>acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
>acl localnet src fc00::/7 # RFC 4193 local private network range
>acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
>machines
>
>acl SSL_ports port 443
>acl Safe_ports port 80 # http
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 # https
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl CONNECT method CONNECT
>
>
>http_access allow all
>http_access allow localhost manager
>http_access allow localnet
>http_access allow localhost
>http_access deny !Safe_ports
>
># We strongly recommend the following be uncommented to protect innocent
># web applications running on the proxy server who think the only
># one who can access services on "localhost" is a local user
>#http_access deny to_localhost
>
>#
># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>#
>
># Example rule allowing access from your local networks.
># Adapt localnet in the ACL section to list your (internal) IP networks
># from where browsing should be allowed
>http_access deny CONNECT !SSL_ports
>http_access deny manager
>
>
>http_access deny all
>
>
>http_port 3333
>
># Uncomment and adjust the following to add a disk cache directory.
>#cache_dir ufs /var/spool/squid 100 16 256
>cache_dir ufs /home/squidcache 100 16 256
>cache_access_log /home/squidcache/access.log
>
># Leave coredumps in the first cache dir
>coredump_dir /home/squidcache
>
>#
># Add any of your own refresh_pattern entries above these.
>#
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>refresh_pattern . 0 20% 4320
>cache_effective_user squid
>cache_effective_group squid
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
More information about the squid-users
mailing list