next »

[keever]

What on earth is causing my Squid Proxy to deny requests for any url that has a non standard port?  Meaning, www.whatver.com:XXXX, always returns a permission denied error message.  The port is always between 1025-65535, and thus covered by the "Safe_ports" acl.  


Here are the error messages I am getting:

While trying to retrieve the URL: http://172.16.XXX.XXX:10000/

The following error was encountered:

Connection Failed
The system returned:

    (13) Permission deniedThe remote host or network may be down. Please try the request again.

While trying to retrieve the URL: http://209.XXX.XXX.XXX:8000/

The following error was encountered:

Connection Failed
The system returned:

    (13) Permission deniedThe remote host or network may be down. Please try the request again.

From Access.log:

1152647120.061    158 172.16.XXX.XXX TCP_MISS/503 1403 GET http://172.16.XXX.XXX:10000/ - NONE/- text/html
1152647414.115   2504 172.16.3.173 TCP_MISS/503 1405 GET http://209.94.XXX.XXX:8000/ - NONE/- text/html

From squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 7200 # http
acl CONNECT method CONNECT
acl Network src 172.16.3.0/255.255.255.0 172.16.4.0/255.255.255.0 192.10.30.0/255.255.255.0 192.168.218.0/255.255.255.0 192.168.3.0/255.255.255.0 172.16.6.0/255.255.255.0
acl Email dstdomain "/usr/local/squid/acls/email"
acl NF dst 192.168.3.0/24
acl webmin_port port 10000
acl deny_outside_sites port 80


# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny Email
http_access allow Network
http_access deny all
http_access deny to_localhost
http_access deny aol_yahoo_messenger
http_access deny MSN_messenger
http_access deny Gtalk

If this is a perm issue, what user is getting "access denied"?  What directory is Squid trying to write to that it doesn't have perms for?  My /etc/squid dir all has 777 perms on it.  WTF!!!!

[gauravbajaj]

ok Are u able to access that sites without using squid?? Just try and reply me back

[Ricky]

I am not sure but as you are trying to access a machine over local netowrk in the form of "IP/port" and earlier I have found that such thing gives error in squid.

I tried to figure that out but due to few complications I was not able to so and still I am away from computers for little more time.

   Recommend LS
   Linux User Around