<div dir="ltr">thanks for the quick reply. Actually those lines are no commented out. and ACL name is corrected.<div><br></div><div>The browser is on the proxy machine(10.0.0.1) who host file points <a href="http://testsquid.com" target="_blank">testsquid.com</a> to 10.0.0.1 itself.<br><br>Squid which is in reverse mode listen to port 80 in 10.0.0.1 is grabbing each request. but returning TCP_DENIED/403 for <a href="http://testsquid.com" target="_blank">testsquid.com</a>. Instead of returning the webserver static index file</div><div><br></div><div>As you told i have one browser machine win7 machine. in which i edited host file and set <a href="http://testsquid.com" target="_blank">testsquid.com</a> to 10.0.0.1(proxy machine ip)</div><div><br></div><div>But behaviour remains same.</div><div>below is my actual squid config</div><div><br></div><div><div>acl PURGE method purge</div><div>acl SSL_ports port 443 445 448 563 1024-65535</div><div>acl Safe_ports port 80</div><div>acl Safe_ports port 21</div><div>acl Safe_ports port 443</div><div>acl Safe_ports port 70</div><div>acl Safe_ports port 210</div><div>acl Safe_ports port 1025-65535</div><div>acl Safe_ports port 280</div><div>acl Safe_ports port 488</div><div>acl Safe_ports port 591</div><div>acl Safe_ports port 777</div><div>acl CONNECT method CONNECT</div><div>acl local_addresses dst "/usr/local/squid/etc/local_addresses.conf"</div><div>acl allowsquid dstdomain <a href="http://testsquid.com">testsquid.com</a></div><div>httpd_suppress_version_string on</div><div>cache allow all</div><div>cache_effective_user nobody</div><div>cache_effective_group nobody</div><div>cache_log /usr/local/squid/var/logs/cache.1.100.log</div><div>cache_store_log none</div><div>half_closed_clients off</div><div>hierarchy_stoplist $ cgi ? & ; .asp .shtml localhost</div><div>http_access allow manager localhost</div><div>http_access allow allowsquid</div><div>http_access allow manager cachemgr</div><div>http_access deny manager</div><div>http_access deny CONNECT !SSL_ports</div><div>http_access deny CONNECT local_addresses</div><div>http_access allow purge localhost</div><div>http_access allow purge cachemgr</div><div>http_access deny purge</div><div>http_access allow all</div><div>http_access allow manager localhost</div><div>http_access deny manager</div><div>http_access deny !Safe_ports</div><div>http_access deny CONNECT !SSL_ports</div><div>http_access deny all</div><div>http_reply_access allow all</div><div>log_icp_queries off</div><div>maximum_object_size 0 KB</div><div>maximum_object_size_in_memory 0 KB</div><div>request_header_max_size 64 KB</div><div>reply_header_max_size 64 KB</div><div>strip_query_terms off</div><div>uri_whitespace encode</div><div>visible_hostname squidproxy</div><div>icp_access allow all</div><div>http_port <a href="http://10.0.0.1:80">10.0.0.1:80</a> accel defaultsite=<a href="http://testsquid.com">testsquid.com</a></div><div>cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest</div><div>cache_peer_access squidtest allow allowsquid</div><div>cache_peer_access squidtest deny all</div><div>acl QUERY urlpath_regex cgi-bin \?</div><div>cache deny QUERY</div><div>refresh_pattern ^ftp:<span class="Apple-tab-span" style="white-space:pre"> </span>1440<span class="Apple-tab-span" style="white-space:pre"> </span>20%<span class="Apple-tab-span" style="white-space:pre"> </span>10080</div><div>refresh_pattern ^gopher:<span class="Apple-tab-span" style="white-space:pre"> </span>1440<span class="Apple-tab-span" style="white-space:pre"> </span>0%<span class="Apple-tab-span" style="white-space:pre"> </span>1440</div><div>refresh_pattern .<span class="Apple-tab-span" style="white-space:pre"> </span>0<span class="Apple-tab-span" style="white-space:pre"> </span>20%<span class="Apple-tab-span" style="white-space:pre"> </span>4320</div></div><div><br></div><div>Is there anything faulty in my config?</div><div><br></div><div>Regards, </div><div><br></div><div>Joseph</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 12, 2015 at 6:22 PM, Antony Stone <span dir="ltr"><<a href="mailto:Antony.Stone@squid.open.source.it" target="_blank">Antony.Stone@squid.open.source.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wednesday 12 August 2015 at 14:38:55, joseph jose wrote:<br>
<br>
> Hi,<br>
><br>
> I have set up squid in reverse proxy mode to cache an apache webserver<br>
> hosted in linux vm.<br>
><br>
> IP of my squid reverse proxy is 10.0.0.1 and 10.0.0.2 is the ip of<br>
> webserver which is also a linux vm<br>
<br>
Your squid server has only one interface and IP address?<br>
<br>
> my config is as follows<br>
><br>
> #acl squidallow dstdomain <a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a><br>
> #<br>
> #<br>
> #http_port <a href="http://10.0.0.1:80" rel="noreferrer" target="_blank">10.0.0.1:80</a> accel defaultsite=<a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a><br>
> #<br>
> #<br>
> #cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest<br>
> #cache_peer_access squidtest allow allowsquid<br>
<br>
I sincerely hope you don't mean that these directives are all commented out,<br>
thus not having any effect?<br>
<br>
Even if they're not commented out, do you see the discrepancy between<br>
"squidallow" in the first line and "allowsquid" in the last?<br>
<br>
> In the squid proxy machine i have edited the host file and set<br>
> <a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a> 10.0.0.1 (which is the ip of proxy machine itself), as proxy<br>
> is configured in reverse mode, it is supposed to serve the static page<br>
> from webserver (10.0.0.2).<br>
<br>
What's more important than /etc/hosts on the squid server is what machine you<br>
are running the browser on, and what does *that* machine resolve <a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a><br>
to?<br>
<br>
> But when i open browser and search for <a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a>, squid is logging<br>
> request but returning a TCP_DENIED/403 status.<br>
<br>
Sounds like the browser is successfully seeing <a href="http://testsquid.com" rel="noreferrer" target="_blank">testsquid.com</a> as 10.0.0.1,<br>
then, however you should be careful about trying to run tests like this on too<br>
few machines - you should have the browser on one machine, squid on a second,<br>
and the web server on a third (no matter whether any of these are real<br>
machines or VMs).<br>
<br>
<br>
Regards,<br>
<br>
<br>
Antony.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Users don't know what they want until they see what they get.<br>
<br>
Please reply to the list;<br>
please *don't* CC me.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</font></span></blockquote></div><br></div>