SQUID Not Working
Hello There....
Please help me out...
I have installed SQUID on CentOS 6.4 x64..
disabled SELINUX and IPTABLES already....
and here's what I get when I try to use that...
http://s24.postimg.org/usdgojjmt/squid.png
and here is my access.log file..
1375166799.248 1 117.225.84.222 TCP_DENIED/403 4544 GET http://www.google.co.in/ - NONE/- text/html
1375166799.908 0 117.225.84.222 TCP_DENIED/403 3865 GET http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1375166815.108 0 117.225.84.222 TCP_DENIED/403 3664 CONNECT 425-events.olark.com:443 - NONE/- text/html
1375166815.707 0 117.225.84.222 TCP_DENIED/403 3664 CONNECT 425-events.olark.com:443 - NONE/- text/html
1375166817.708 0 117.225.84.222 TCP_DENIED/403 3664 CONNECT 425-events.olark.com:443 - NONE/- text/html
1375166822.308 0 117.225.84.222 TCP_DENIED/403 3664 CONNECT 425-events.olark.com:443 - NONE/- text/html
1375166832.926 0 117.225.84.222 TCP_DENIED/403 3664 CONNECT 425-events.olark.com:443 - NONE/- text/html
1375167175.030 0 117.225.84.222 TCP_DENIED/403 3609 CONNECT mail.google.com:443 - NONE/- text/html
1375167178.698 0 117.225.84.222 TCP_DENIED/403 3612 CONNECT www.facebook.com:443 - NONE/- text/html
1375167208.975 0 117.225.84.222 TCP_DENIED/403 3609 CONNECT mail.google.com:443 - NONE/- text/html
1375167209.920 0 117.225.84.222 TCP_DENIED/403 3609 CONNECT mail.google.com:443 - NONE/- text/html
1375167217.358 0 117.225.84.222 TCP_DENIED/403 4020 GET http://www.ip2location.com/ - NONE/- text/html
1375167217.358 0 117.225.84.222 TCP_DENIED/403 3609 CONNECT mail.google.com:443 - NONE/- text/html
1375167217.837 0 117.225.84.222 TCP_DENIED/403 3609 CONNECT mail.google.com:443 - NONE/- text/html
1375167217.896 0 117.225.84.222 TCP_DENIED/403 3828 GET http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
please help me...
Comments
Have u inserted/created an acl and allowed your network in squid.conf?
@knopix80
Should I post my squid.conf here also...
If u don't mind, please post it
@knopix80 here it is
#
# Recommended minimum configuration:
#
visible_hostname TRIAL
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
I saw from your log that IP address 117.225.84.222 is trying to access the proxy, but there is no acl for that IP in your conf.
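Added example, not part of the original thread: a small Python model of Squid's first-match http_access evaluation, run against the rules from the posted squid.conf, showing why 117.225.84.222 ends at `deny all` and how a `mynet` ACL of a single /32 differs from 0.0.0.0/0. The config string is condensed from the post, only src, port and method ACLs are modelled, and the helper names are assumptions of this example.

```python
import ipaddress

# Constructed sample: ACLs and http_access rules condensed from the squid.conf
# posted above (src, port and method ACL types only).
SQUID_CONF = """
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 21 443 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def parse(conf):
    acls, rules = {"all": ("src", ["0.0.0.0/0", "::/0"])}, []  # "all" is built in
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        ranges = [v.partition("-") for v in values]
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    return kind == "method" and req["method"] in values

def evaluate(conf, req):
    """Return (action, rule) for the first http_access line that matches req."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL on the line must match (AND); a leading "!" negates one ACL.
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    return "deny", "(no rule matched)"  # simplification; this config ends in "deny all"

def with_mynet(src):
    """Insert an 'acl mynet src ...' allow rule ahead of the final deny."""
    extra = f"acl mynet src {src}\nhttp_access allow mynet\nhttp_access deny all"
    return SQUID_CONF.replace("http_access deny all", extra)

if __name__ == "__main__":
    client = {"src": "117.225.84.222", "port": 80, "method": "GET"}
    for conf in (SQUID_CONF, with_mynet("117.225.84.222/32"), with_mynet("0.0.0.0/0")):
        print(evaluate(conf, client))
```

With the /32 entry only the logged client is allowed; with 0.0.0.0/0 every source address matches `mynet` before `deny all` is reached.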
@knopix80
I have to insert an acl for each IP...
Yup, then restart the service.
@knopix80
Can I create a single acl for any IP...
Please tell me how to create it...
Yes, you can.
E.g. u wanna add 5 IPs on a single acl:
Syntax: acl mynet src 10.1.1.1/32 10.1.1.2/32 10.1.1.3/32 10.1.1.4/32 10.1.1.5/32
Or u can add them in a text file.
Syntax: acl mynet src "myipaddr.txt"
@knopix80
I mean a single acl for all IPs or for an IP range
acl mynet src 10.1.1.0/24
Depends on your network, /24 or /22
@knopix80
I mean like from 1.0.0.0 to 255.0.0.0
It means you wanna create an open proxy? It's not secure, anyone from around the world can use it, but it's at your own risk
acl mynet src 0.0.0.0/0 or u can add http_access allow all
@knopix80
I want to allow access only to Indian IP addresses... but I don't know their complete range
and we can set up authentication also na...
@knopix80
Thanks buddy, it's working now... many many thanks for helping me out...
You're welcome, please try a YouTube cacher using nginx and ruby, it's awesome dude.
Maybe something like this can help you:
http://incredibill.me/htaccess-block-country-ips
http://www.find-ip-address.org/ip-country/
http://www.darrenpopham.com/2009/04/country-ip-lists/
http://ipinfodb.com/ip_country_block.php
@knopix80
I don't have that much knowledge...