Your config looks fine to me, but quite insecure for an accelerator setup.
Please verify using cachemgr that the running configuration matches what you
expect.

I would use something like:

acl CONNECT method CONNECT
http_access deny CONNECT

acl manager proto cache_object
acl localhost src 127.0.0.1
acl PURGE method PURGE
http_access allow manager localhost
http_access allow PURGE localhost

acl myservers dst x.y.z.n x.y.z.m ...
acl HTTP proto http
acl port_80 port 80
http_access allow HTTP myservers port_80

acl all src 0.0.0.0/0
http_access deny all

Regards
Henrik Nordström

On Monday 26 November 2001 15.59, Jez Ahl wrote:
> Hi,
>
> Can anyone help me with this problem please?
> I have two boxes with squid in reverse mode, with the following config:-
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl PURGE method PURGE
>
> #Default configuration:
> http_access allow manager localhost
> http_access allow PURGE
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #http_access deny all
> http_access allow all
>
>
> On one of the boxes, if I do "client -m GET -p 80 http://whatever", I
> get access denied, on the other it works.
>
> Cache log on the failed one (2.3.STABLE5) says:-
> 2001/11/26 12:51:36| The request GET http://whatever is DENIED, because
> it matched 'all'
>
> Cache log on the successful one (2.3.STABLE2) says:-
> 2001/11/26 12:51:36| The request GET http://whatever is ALLOWED, because
> it matched 'all'
>
> Any ideas ?
>
> Thanks in advance
>
> jez
-- 
MARA Systems AB
Giving you basic free Squid support
Priority support or Squid enhancements available on request

Received on Mon Nov 26 2001 - 08:30:08 MST
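
To compare the two rule sets in this thread, the following added example (not code from either poster or from Squid) models http_access first-match evaluation in Python and runs constructed requests through both. The 192.0.2.x addresses standing in for x.y.z.n and x.y.z.m, the client address 203.0.113.7, and all function names are assumptions.

```python
# Simplified model of Squid http_access: lines are tried in order, all ACLs
# on a line must match (AND, "!" negates), and the first matching line decides.
import ipaddress

def acl_match(acl, req):
    kind, values = acl
    if kind in ("method", "proto"):
        return req[kind] in values
    if kind == "port":
        spans = [v.split("-") for v in values]
        return any(int(s[0]) <= req["port"] <= int(s[-1]) for s in spans)
    ip = ipaddress.ip_address(req[kind])  # kind is "src" or "dst"
    return any(ip in ipaddress.ip_network(v) for v in values)

def evaluate(rules, req):
    for action, names in rules:
        if all(acl_match(ACLS[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"  # no match: opposite of last line

ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "localhost": ("src", ["127.0.0.1"]),
    "manager": ("proto", ["cache_object"]),
    "HTTP": ("proto", ["http"]),
    "CONNECT": ("method", ["CONNECT"]),
    "PURGE": ("method", ["PURGE"]),
    "SSL_ports": ("port", ["443", "563"]),
    "Safe_ports": ("port", ["80", "21", "443", "563", "70", "210", "1025-65535",
                            "280", "488", "591", "777"]),
    "port_80": ("port", ["80"]),
    # Constructed stand-ins for the elided "x.y.z.n x.y.z.m" origin servers.
    "myservers": ("dst", ["192.0.2.10", "192.0.2.11"]),
}
ORIGINAL = [("allow", ["manager", "localhost"]), ("allow", ["PURGE"]),
            ("deny", ["manager"]), ("deny", ["!Safe_ports"]),
            ("deny", ["CONNECT", "!SSL_ports"]), ("allow", ["all"])]
SUGGESTED = [("deny", ["CONNECT"]), ("allow", ["manager", "localhost"]),
             ("allow", ["PURGE", "localhost"]),
             ("allow", ["HTTP", "myservers", "port_80"]), ("deny", ["all"])]

def req(method, dst, port=80, proto="http", src="203.0.113.7"):
    return {"method": method, "dst": dst, "port": port, "proto": proto, "src": src}

# Constructed requests from a remote client (203.0.113.7).
SAMPLES = {"own site": req("GET", "192.0.2.10"),
           "foreign site": req("GET", "198.51.100.5"),
           "CONNECT 443": req("CONNECT", "198.51.100.5", 443),
           "remote PURGE": req("PURGE", "192.0.2.10")}

def audit(rules):
    return {name: evaluate(rules, r) for name, r in SAMPLES.items()}
```

In this model the suggested rules still allow a remote PURGE aimed at one of myservers on port 80, because it matches the HTTP myservers port_80 line; placing `http_access deny PURGE` directly after the localhost allow denies it.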