1 |
Hey all |
2 |
|
3 |
I have a curious problem with squid. At my old high school they have to |
4 |
machines. |
5 |
Machine A - Mail, file, et al server. It has squid running but deny's all |
6 |
access except to those fortunate people (IP's). Running red hat (dont ask |
7 |
not my baby). 192.168.1.3:3128 <http://192.168.1.3:3128> |
8 |
|
9 |
Machine B - Proxy server. It has squid (192.168.1.4:port 3128) and |
10 |
dansguardian running (192.168.1.4:8080 <http://192.168.1.4:8080>). Does the |
11 |
authentication through Machine A. Running Gentoo o/// |
12 |
|
13 |
Up until the other day you could not gain access to squid from port 3128 |
14 |
except for local host. All the comps are setup to use 8080. Now I did some |
15 |
testing with squid. If I formally declare: |
16 |
ACL pc src 192.168.1.132 <http://192.168.1.132> |
17 |
http_access deny pc |
18 |
|
19 |
That pc is denied access through 3128 yet the others are still allowed |
20 |
through even though: |
21 |
ACL localhost 127.0.0.1/255.255.255.255 <http://127.0.0.1/255.255.255.255> |
22 |
http_access deny !localhost |
23 |
|
24 |
ACL all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0> |
25 |
http_access deny all |
26 |
|
27 |
Now this was working up until the other day :( The same problem is being |
28 |
experienced on Machine A where people (IP's) that would and should fall |
29 |
under the deny all rule are not being blocked. |
30 |
|
31 |
Can anyone speculate as to what may be causing this? I dont know if the |
32 |
[roblems are related but I suspect so. |
33 |
|
34 |
Thanks Rav |
35 |
|
36 |
-- |
37 |
"When you play a Microsoft CD backwards you can hear demonic Voices... |
38 |
that's nothing - when you play it forward it installs Windows" |