[squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

Amos Jeffries squid3 at treenet.co.nz
Mon Nov 10 15:45:34 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/11/2014 2:58 a.m., Efe wrote:
> Thank you for your reply. I've managed to retrieve uncommented
> config lines:
> 
> $ grep -P '^\s*\w' /etc/squid3/squid.conf
> 
> acl localnet src 192.168.0.101  # RFC1918 possible internal
> network acl SSL_ports port 443 acl Safe_ports port 80      # http 
> acl Safe_ports port 21      # ftp acl Safe_ports port 443     #
> https acl Safe_ports port 70      # gopher acl Safe_ports port 210
> # wais acl Safe_ports port 1025-65535  # unregistered ports acl
> Safe_ports port 280     # http-mgmt acl Safe_ports port 488     #
> gss-http acl Safe_ports port 591     # filemaker acl Safe_ports
> port 777     # multiling http acl CONNECT method CONNECT 
> http_access deny !Safe_ports http_access deny CONNECT !SSL_ports 
> acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access
> allow myrule cache deny all http_access allow localhost manager 
> http_access deny manager acl Purge method PURGE http_access deny
> Purge http_access allow localhost http_port 3128 coredump_dir
> /var/spool/squid3 refresh_pattern ^ftp:       1440    20% 10080 
> refresh_pattern ^gopher:    1440    0%  1440 refresh_pattern -i
> (/cgi-bin/|\?) 0 0%  0 refresh_pattern (Release|Packages(.gz)*)$
> 0       20%     2880 refresh_pattern .       0   20% 4320
> 
> If helps, iptables is empty and netstat status is $ sudo netstat
> -nltp | grep squid tcp6       0      0 :::3128
> :::* LISTEN      20292/(squid-1)
> 
> Version info: $ sudo apt-cache policy squid3 squid3: Installed:
> 3.3.8-1ubuntu6.1 Candidate: 3.3.8-1ubuntu6.1 Version table: ***
> 3.3.8-1ubuntu6.1 0 500 http://archive.ubuntu.com/ubuntu/
> trusty-updates/main i386 Packages 500
> http://archive.ubuntu.com/ubuntu/ trusty-security/main i386 
> Packages 100 /var/lib/dpkg/status 3.3.8-1ubuntu6 0 500
> http://archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
> 
> Proof that squid is running: $ ps ax | grep squid 20290 ?        Ss
> 0:00 squid3 20292 ?        S      0:06 (squid-1) 31535 ?        S
> 0:00 (logfile-daemon) /var/log/squid3/access.log 31720 pts/28   S+
> 0:00 grep --color=auto squid
> 
> Maybe i used the wrong terminology as "redirect". B/c whenever the
> website in the blocklist is called, localhost page of my LAMP shows
> up.
> 
> So, what i want to achieve in the end is blocking and sometimes
> unblocking a list of websites based on their domain name. Problem
> is even the config is changed to "http_access allow myrule" it
> doesnt reflect allow/deny options accordingly anymore. At this
> moment, the websites in the list are still non-accessible.
> 

Let me guess,  you are testing this with a browser URL
http://192.168.whatever:3128/ or even just http://192.168.whatever/
and it shows your LAMP server page?

You seem to have missed out all the bits of the setup which make the
browser use the proxy rather than just connecting directly to Apache
in the LAMP stack.
You may need to read through this:
 http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUYN2bAAoJELJo5wb/XPRj5VMIANLLVIb8kjqk5BiycDBAH1MR
5qA896B3hhcoVEgFIH2lxSzFVBXJBFSwcjXnZN9nkqf5b7/t6k58hY3+56+UfZSF
xO7tHOy/mvtCNA+ol7JlyVz+MvgaKMRqzXdAnJdP3OrhQ4g75WfGKCxoCBBwPNgU
5gD7rSSQq8PpD0uBNuHV8SDwwKkYaoYtoqAs1OWD5p+WbyAylYZB7cJKKgex1+d9
nPqGIlaRLaWRJzcTDFUW0C3B0zIggIv5GRNsO50gqqQZ0Xb9F3Iy5aDOwyiyiCYn
LmlRADaoqf4MWfBh+nmmufcwUcfsAGknI7tStk3dXCzNQNA9O2gy3e7s+H+7Poo=
=A5vS
-----END PGP SIGNATURE-----


More information about the squid-users mailing list