[squid-users] Can't get squid with whitelist text file to work TCP_DENIED/403

Elliott Blake, Lisa Marie loleary at uic.edu
Thu Apr 8 19:11:26 UTC 2021


I am trying to get squid to work with a text file for a whitelist.  I get TCP_DENIED/403 on every URL I try.  I am using curl to test.

acl whitelist dstdomain "/etc/squid/whitelist.txt"
curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org
HTTP/1.1 403 Forbidden
Server: squid/3.5.20
Mime-Version: 1.0
Date: Wed, 07 Apr 2021 17:38:58 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3521
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from libaux-prod.lib.uic.edu
X-Cache-Lookup: NONE from libaux-prod.lib.uic.edu:3128
Via: 1.1 libaux-prod.lib.uic.edu (squid/3.5.20)
Connection: keep-alive
curl: (56) Received HTTP code 403 from proxy after CONNECT

However, if I change my squid.conf to just the URL it works.

acl whitelist dstdomain .arl.org
curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org
HTTP/1.1 200 Connection established
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 17:40:31 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://www.arl.org/
Expires: Wed, 07 Apr 2021 18:40:31 GMT
Cache-Control: max-age=3600

I am running CentOS 7 with squid version 3.5.20, which is the most recent yum version.
This is driving me crazy.  I have tried debugging in squid and cannot find the answer.  I have tried changing the squid.conf file.  I always restart squid after I change the squid.conf file.
Any help would be appreciated.

My squid.conf file:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 591         # filemaker
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

acl whitelist dstdomain "/etc/squid/whitelist.txt"
#acl whitelist dstdomain .arl.org
http_access allow whitelist
#http_access allow CONNECT whitelist

http_access deny !whitelist

http_access allow localnet
http_access allow localhost

http_access deny all

# Squid normally listens to port 3128
http_port 3128

# port 1338 is for Front Desk Machines
http_port 1338

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Beginning of whitelist.txt:

#A Page
.aacrjournals.org
.aai.org
.aaiddjournals.org
.aap.org
.aappublications.orga
.accessanesthesiology.com
.anthropology.org.uk
.archivegrid.org
.arl.org
.arlstatistics.org
.artstor.org

Thank you,
Lisa Blake

