October 12, 2024, 10:39:59 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Annoying Permissions Issue  (Read 5609 times)

Offline keever

  • Linux Noob !
  • *
  • Posts: 14
Annoying Permissions Issue
« on: November 09, 2005, 05:11:04 PM »
For the most part Squid is set up fine on my company's LAN, but a number of users are getting a Permission denied error message when trying to access an internal machines's html content.  It is not being blocked based on any acls, but because of a file/dir permissions failure.  here is the error message:

While trying to retrieve the URL: http://192.168.3.7:7200/options/html_os_server?

The following error was encountered:

Connection Failed
The system returned:

    (13) Permission denied The remote host or network may be down. Please try the request again.

Here is the corresponding entry in /var/squid/access.log:

1131375384.070    165 192.10.30.243 TCP_MISS/503 1453 GET http://192.168.3.7:7200/options/html_os_server? - NONE/- text/html

I know already that 7200 isn't in the Safe_ports acl by default, so I added 7200, and it still fails.  Though opening 7200 is irrelavent because it isn't an Access Control issue.  I've also added the subnet 192.168.3.0 to the list of networks allowed to access squid.

I've tried googling a combination of both the failure url for the user and the access.log entry, and came up with zilch.  So my question is, What on earth is causing a permissions error when a user wants to open a webpage on an internal server?

Below are my acl configs:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 172.16.3.30/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 7200 # NF  http
acl CONNECT method CONNECT
acl Allowed_Networks src 172.16.3.0/255.255.255.0 192.10.30.0/255.255.255.0 192.168.218.0/255.255.255.0 192.168.3.0/255.255.255.0
acl Email dstdomain "/usr/local/squid/acls/email"
acl Exceptions src 172.16.3.66/255.255.255.255

# Only allow cachemgr access from localhost
#http_access allow Safe_Port
http_access allow Exceptions
#http_access allow manager localhost
#http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny Email
http_access allow Allowed_Networks
http_access deny all
miss_access allow all
# Deny requests to unknown ports
# Deny CONNECT to other than SSL ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
problem in access internal server via squid proxy
« Reply #1 on: November 10, 2005, 04:40:33 AM »
You have asked same question earlier that was about webmin . I have to find out that why this happens.
May be adding 127.0.0.1 can do the job instead of local host .

Offline ozioma

  • Tux Awared
  • **
  • Posts: 35
WEBMIN ACCESS PROBLEM
« Reply #2 on: November 12, 2005, 01:33:14 PM »
PLEASE USE PORT 81 INSTEAD OF THE ONE YOU ARE USING
LIKE MINE I USE 192.168.11.253:81




THANKS
OZIOMA

Offline keever

  • Linux Noob !
  • *
  • Posts: 14
problem in access internal server via squid proxy
« Reply #3 on: November 21, 2005, 11:57:10 PM »
I just tried to switch the http_port to 81, but squid terminated the second a request was made to it.   It also wouldn't restart until I changed the http_port back to 3128.  Why did it behave that way?