| 1 |
Hey all |
| 2 |
|
| 3 |
I have a curious problem with squid. At my old high school they have to |
| 4 |
machines. |
| 5 |
Machine A - Mail, file, et al server. It has squid running but deny's all |
| 6 |
access except to those fortunate people (IP's). Running red hat (dont ask |
| 7 |
not my baby). 192.168.1.3:3128 <http://192.168.1.3:3128> |
| 8 |
|
| 9 |
Machine B - Proxy server. It has squid (192.168.1.4:port 3128) and |
| 10 |
dansguardian running (192.168.1.4:8080 <http://192.168.1.4:8080>). Does the |
| 11 |
authentication through Machine A. Running Gentoo o/// |
| 12 |
|
| 13 |
Up until the other day you could not gain access to squid from port 3128 |
| 14 |
except for local host. All the comps are setup to use 8080. Now I did some |
| 15 |
testing with squid. If I formally declare: |
| 16 |
ACL pc src 192.168.1.132 <http://192.168.1.132> |
| 17 |
http_access deny pc |
| 18 |
|
| 19 |
That pc is denied access through 3128 yet the others are still allowed |
| 20 |
through even though: |
| 21 |
ACL localhost 127.0.0.1/255.255.255.255 <http://127.0.0.1/255.255.255.255> |
| 22 |
http_access deny !localhost |
| 23 |
|
| 24 |
ACL all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0> |
| 25 |
http_access deny all |
| 26 |
|
| 27 |
Now this was working up until the other day :( The same problem is being |
| 28 |
experienced on Machine A where people (IP's) that would and should fall |
| 29 |
under the deny all rule are not being blocked. |
| 30 |
|
| 31 |
Can anyone speculate as to what may be causing this? I dont know if the |
| 32 |
[roblems are related but I suspect so. |
| 33 |
|
| 34 |
Thanks Rav |
| 35 |
|
| 36 |
-- |
| 37 |
"When you play a Microsoft CD backwards you can hear demonic Voices... |
| 38 |
that's nothing - when you play it forward it installs Windows" |
Archives