[squid-users] Whitelist domain ignored?
Benjamin E. Nichols
webmaster at squidblacklist.org
Tue Oct 4 21:35:45 UTC 2016
Yes, we can see your messages to the group.
While I'm responding, this doesn't address your problem, but we have a free
whitelist that we maintain that you may or may not be interested in, but it's
quite a bit larger. No adult, and no torrent sites.
http://www.squidblacklist.org/downloads/whitelist.txt
Good Luck!
On 10/4/2016 4:22 PM, Jose Torres-Berrocal wrote:
> Just to confirm that I sent the email
>
> Jose E Torres
> 939-777-4030
> JET System Services
>
>
> On Tue, Oct 4, 2016 at 4:41 PM, Jose Torres-Berrocal
> <jetsystemservices at gmail.com> wrote:
>> I do not know the correct terms for the problem I have.
>>
>> I have some clients that use a program that tries to connect to:
>> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>>
>> I went to the access.log and found that neodecksoftware.com is being
>> denied even though I have it in a whitelist file.
>>
>> The info below is the error lines found, the whitelist file content,
>> and the squid conf:
>>
>> ----------------------------------------------------------------------------------------------
>> 1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT neodecksoftware.com:443 - HIER_NONE/- text/html
>> 1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT neodecksoftware.com:443 - HIER_NONE/- text/html
>>
>> /var/squid/acl/whitelist.acl:
>> .familymedicinepr.com
>> .anydesk.com
>> .teamviewer.com
>> .secureserver.net
>> .gmail.com
>> .mail.yahoo.com
>> .outlook.com
>> .aol.com
>> .libertypr.net
>> .coqui.net
>> .prtc.net
>> .assertus.com
>> .neodecksoftware.com
>> .office.net
>> .microsoft.com
>> .office.com
>> .live.com
>>
>> # This file is automatically generated by pfSense
>> # Do not edit manually !
>>
>> http_port 192.168.1.1:3128
>> http_port 127.0.0.1:3128
>> icp_port 0
>> dns_v4_first off
>> pid_filename /var/run/squid/squid.pid
>> cache_effective_user squid
>> cache_effective_group proxy
>> error_default_language en
>> icon_directory /usr/local/etc/squid/icons
>> visible_hostname pfsense
>> cache_mgr jetsystemservices at gmail.com
>> access_log /var/squid/logs/access.log
>> cache_log /var/squid/logs/cache.log
>> cache_store_log none
>> netdb_filename /var/squid/logs/netdb.state
>> pinger_enable on
>> pinger_program /usr/local/libexec/squid/pinger
>>
>> logfile_rotate 31
>> debug_options rotate=31
>> shutdown_lifetime 3 seconds
>> # Allow local network(s) on interface(s)
>> acl localnet src 192.168.1.0/24 127.0.0.0/8
>> forwarded_for on
>> uri_whitespace strip
>>
>> acl dynamic urlpath_regex cgi-bin \?
>> cache deny dynamic
>>
>> cache_mem 512 MB
>> maximum_object_size_in_memory 256 KB
>> memory_replacement_policy heap GDSF
>> cache_replacement_policy heap LFUDA
>> minimum_object_size 0 KB
>> maximum_object_size 4 MB
>>
>> offline_mode off
>> cache_swap_low 90
>> cache_swap_high 95
>> cache allow all
>> # Add any of your own refresh_pattern entries above these.
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>>
>>
>> #Remote proxies
>>
>>
>> # Setup some default acls
>> # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
>> # acl localhost src 127.0.0.1/32
>> acl allsrc src all
>> acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535 444
>> acl sslports port 443 563 444
>>
>> # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
>> #acl manager proto cache_object
>>
>> acl purge method PURGE
>> acl connect method CONNECT
>>
>> # Define protocols used for redirects
>> acl HTTP proto HTTP
>> acl HTTPS proto HTTPS
>> acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
>> http_access allow manager localhost
>>
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !safeports
>> http_access deny CONNECT !sslports
>>
>> # Always allow localhost connections
>> # From 3.2 further configuration cleanups have been done to make things easier and safer.
>> # The manager, localhost, and to_localhost ACL definitions are now built-in.
>> # http_access allow localhost
>>
>> request_body_max_size 0 KB
>> delay_pools 1
>> delay_class 1 2
>> delay_parameters 1 -1/-1 -1/-1
>> delay_initial_bucket_level 100
>> delay_access 1 allow allsrc
>>
>> # Reverse Proxy settings
>>
>>
>> # Custom options before auth
>> connect_timeout 2
>>
>> # Always allow access to whitelist domains
>> http_access allow whitelist
>> auth_param basic program /usr/local/libexec/squid/basic_radius_auth -w Maint4030 -h pfsense -p
>> auth_param basic children 5
>> auth_param basic realm Please enter your credentials to access the proxy
>> auth_param basic credentialsttl 5 minutes
>> acl password proxy_auth REQUIRED
>> # Custom options after auth
>>
>>
>> http_access allow password localnet
>> # Default block all to be sure
>> http_access deny allsrc
>>
>> ----------------------------------------------------------------------------------------------
>>
>> Cordially,
>> Jose
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
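
Added example, not part of either post: in the quoted squid.conf the whitelist is loaded with `dstdom_regex`, so every line of whitelist.acl is an unanchored regular expression, and `.neodecksoftware.com` needs at least one character before `neodecksoftware`. The sketch below compares that with `dstdomain` matching and with an anchored regex for the host in the access.log lines. The function names are hypothetical and Python's `re` only approximates Squid's regex engine for these simple patterns.

```python
import re

# Entries copied from the whitelist.acl quoted in the post (subset).
WHITELIST = [".teamviewer.com", ".neodecksoftware.com", ".microsoft.com"]


def dstdom_regex_match(host, patterns):
    """Approximate `dstdom_regex -i`: every entry is an unanchored regex."""
    return any(re.search(p, host, re.IGNORECASE) for p in patterns)


def dstdomain_match(host, entries):
    """Approximate `dstdomain`: a leading dot covers the domain and subdomains."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def anchored_regex(entry):
    """Turn a dstdomain-style entry into an anchored, escaped regex."""
    return r"(^|\.)" + re.escape(entry.lstrip(".")) + "$"


def compare(host, entries=WHITELIST):
    """Return how each ACL form treats `host`."""
    return {
        "dstdom_regex": dstdom_regex_match(host, entries),
        "dstdomain": dstdomain_match(host, entries),
        "anchored": dstdom_regex_match(host, [anchored_regex(e) for e in entries]),
    }


if __name__ == "__main__":
    # The first host is from the access.log lines; the others are constructed.
    for h in ("neodecksoftware.com", "www.neodecksoftware.com",
              "notteamviewer.com.example.net"):
        print(h, compare(h))
```

When the whitelist ACL does not match, the request falls through to `http_access allow password localnet`, which is where the 407 challenge in the log comes from.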