[squid-users] Can't get squid with whitelist text file to work TCP_DENIED/403

Eliezer Croitoru ngtech1ltd at gmail.com
Wed Apr 14 09:34:10 UTC 2021


Did you get it working eventually?

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Zoom: Coming soon

From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of
Elliott Blake, Lisa Marie
Sent: Thursday, April 8, 2021 10:11 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Can't get squid with whitelist text file to work
TCP_DENIED/403

 

I am trying to get squid to work with a text file for a whitelist.  I get
TCP_DENIED/403 on every url I try.  I am using curl to test.

acl whitelist dstdomain "/etc/squid/whitelist.txt"

curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org

HTTP/1.1 403 Forbidden
Server: squid/3.5.20
Mime-Version: 1.0
Date: Wed, 07 Apr 2021 17:38:58 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3521
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from libaux-prod.lib.uic.edu
X-Cache-Lookup: NONE from libaux-prod.lib.uic.edu:3128
Via: 1.1 libaux-prod.lib.uic.edu (squid/3.5.20)
Connection: keep-alive

curl: (56) Received HTTP code 403 from proxy after CONNECT

 

However, if I change my squid.conf to just the url it works.

acl whitelist dstdomain .arl.org

curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org

HTTP/1.1 200 Connection established

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 17:40:31 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://www.arl.org/
Expires: Wed, 07 Apr 2021 18:40:31 GMT
Cache-Control: max-age=3600

 

I am running a centos 7 os with squid version 3.5.20, which is the most
recent yum version.

This is driving me crazy.  I have tried debugging in squid and cannot find
the answer.  I have tried changing the squid.conf file.  I always restart
squid after I change the squid.conf file.  

Any help would be appreciated.

 

My Squid.conf file:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 591         # filemaker
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

acl whitelist dstdomain "/etc/squid/whitelist.txt"
#acl whitelist dstdomain .arl.org
http_access allow whitelist
#http_access allow CONNECT whitelist

http_access deny !whitelist

http_access allow localnet
http_access allow localhost

http_access deny all

# Squid normally listens to port 3128
http_port 3128

# port 1338 is for Front Desk Machines
http_port 1338

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

 

Beginning of whitelist.txt

#A Page
.aacrjournals.org
.aai.org
.aaiddjournals.org
.aap.org
.aappublications.orga
.accessanesthesiology.com
.anthropology.org.uk
.archivegrid.org
.arl.org
.arlstatistics.org
.artstor.org

 

Thank you,

Lisa Blake
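
Added example, not part of the original message and not Squid's own code: a simplified Python model of the posted http_access rules and dstdomain list, showing which rule decides a request under first-match evaluation, both with the list loaded and with an empty list. The function names, the request fields and the shortened whitelist sample are assumptions made for illustration.

```python
# Constructed sample: a few entries from the whitelist.txt excerpt in the message.
WHITELIST_TXT = "#A Page\n\n.aacrjournals.org\n\n.arl.org\n\n.artstor.org\n"
SAFE_PORTS = (80, 443, 591)

def load_dstdomain(text):
    """One entry per line; blank lines and '#' comment lines are skipped."""
    lines = (ln.strip().lower() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def dstdomain_match(host, entries):
    """'.arl.org' matches arl.org and its subdomains; 'arl.org' only itself."""
    host = host.lower().rstrip(".")
    for entry in entries:
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def decide(req, entries):
    """Return (action, rule_text) for the first http_access rule that matches."""
    in_list = dstdomain_match(req["host"], entries)
    is_connect = req["method"] == "CONNECT"
    rules = [  # same order as the posted squid.conf (manager rules omitted)
        ("deny", "!Safe_ports", req["port"] not in SAFE_PORTS),
        ("deny", "CONNECT !SSL_ports", is_connect and req["port"] != 443),
        ("allow", "whitelist", in_list),
        ("deny", "!whitelist", not in_list),
        # The next two are unreachable: one of the two whitelist rules always matches.
        ("allow", "localnet", req["from_localnet"]),
        ("allow", "localhost", req["from_localhost"]),
        ("deny", "all", True),
    ]
    for action, name, matched in rules:
        if matched:
            return action, name
    return "deny", "all"  # not reached: "deny all" always matches

if __name__ == "__main__":
    entries = load_dstdomain(WHITELIST_TXT)
    for host in ("arl.org", "www.arl.org", "example.com"):
        req = {"host": host, "port": 443, "method": "CONNECT",
               "from_localnet": True, "from_localhost": False}
        # Second result models a list that loaded with no entries.
        print(host, decide(req, entries), decide(req, []))
```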

 

 
