Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Squid refuses all websites when creating proxy server

so I'm trying to create a proxy server for my crawler to use, and I'm unsure about why I'm getting denied from even myself. When I go to any website in a browser, on the computer that I've installed Squid and everything on, it's giving me the following error message:

ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: http://www.whatismyipaddress.com/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is webmaster. 
Generated Sun, 08 Nov 2015 04:03:13 GMT by WIN-AIUOBK0JHPA (squid/2.7.STABLE8)

I've edited my LAN settings in Internet Options to allow for a proxy server at the correct IP address (IPv4 when I run ipconfig), gave it the correct port to open up to, and I've also opened up the port in my Windows Firewall.

Below are segments of my squid.conf file:

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

acl localhost src 192.168.1.0/255.255.255.255 
http_access allow localhost

(skip through some commented out segments....)

http_access allow manager localhost

http_access allow localnet

As you can tell, I've stripped out a lot of unnecessary commented parts. Down lower, I have my...

http_port ####

...line.

I have no idea why I'm getting blocked out. I will be constantly refreshing, so if you need any more information or have any questions, please let me know. Thank you so much!!

like image 493
Matt Avatar asked Nov 08 '15 04:11

Matt


Video Answer


2 Answers

your config should somewhat look like below

http_access allow localhost 
http_access allow localnet 
# And finally deny all other access to this proxy 
http_access deny all

and remove the following line from your config

acl localhost src 192.168.1.0/255.255.255.255 

localhost need not to be specified as ACL its just for accessing localhost pages. You have mixed up localhost with localnet, modify that line like below

acl localnet src 192.168.1.0/255.255.255.255 

your lan clients local ip that hitting the proxy should belong to the above mentioned src range or modify the range as you require. all other requests from other ips will be denied

like image 195
Share_Improve Avatar answered Oct 19 '22 20:10

Share_Improve


I just got rid of all the default config and used the following:

# cat /etc/squid/squid.conf
http_port 3128
acl vpc_no_internet src 10.130.0.0/255.255.0.0
http_access allow vpc_no_internet
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

Note: The above config allows access for the specified subnet only.

like image 1
leodotcloud Avatar answered Oct 19 '22 21:10

leodotcloud