Dear All
I have squid proxy in my office and enabled ACl for two different groups. Group A doesn't have
any restriction to browse any URLS, but group B is allowed to browse only specified sites
my starnge problem i am not able to browse site where
i am coming under group A, tried the same url in group b pc's also . I am getting following errors
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: memadmin.mithi.com:8443
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Thu, 05 Apr 2007 14:01:06 GMT by ismartblr2 (squid/2.5.STABLE1)
* Should i enable 8443 port as SSL port in squid.conf?
* I am not getting any log details
* Enclosed my ACL
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 8443 # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl msn_hosts src "/etc/squid/msn_hosts"
acl allowed_machines src "/etc/squid/allowed_machines"
acl support_staff src "/etc/squid/support_staff"
acl callcenter src "/etc/squid/callcenter"
acl rejected_urls url_regex "/etc/squid/rejected_urls"
acl allowed_urls dstdomain "/etc/squid/allowed_urls"
acl msn dstdomain "/etc/squid/msn"
http_access allow msn_hosts msn
http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access deny all
Don't know where i am making mistake, which one is preventing to browse that url.
Kindly help me....
I have squid proxy in my office and enabled ACl for two different groups. Group A doesn't have
any restriction to browse any URLS, but group B is allowed to browse only specified sites
my starnge problem i am not able to browse site where
i am coming under group A, tried the same url in group b pc's also . I am getting following errors
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: memadmin.mithi.com:8443
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Thu, 05 Apr 2007 14:01:06 GMT by ismartblr2 (squid/2.5.STABLE1)
* Should i enable 8443 port as SSL port in squid.conf?
* I am not getting any log details
* Enclosed my ACL
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 8443 # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl msn_hosts src "/etc/squid/msn_hosts"
acl allowed_machines src "/etc/squid/allowed_machines"
acl support_staff src "/etc/squid/support_staff"
acl callcenter src "/etc/squid/callcenter"
acl rejected_urls url_regex "/etc/squid/rejected_urls"
acl allowed_urls dstdomain "/etc/squid/allowed_urls"
acl msn dstdomain "/etc/squid/msn"
http_access allow msn_hosts msn
http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access deny all
Don't know where i am making mistake, which one is preventing to browse that url.
Kindly help me....