#1  
Old 28th August 2008, 18:18
hellseeker hellseeker is offline
Junior Member
 
Join Date: Aug 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Squid Proxy Configuration

Hi!

i am trying to set up squid just so i can monitor traffic and web caching

my network is 192.168.1.0/255.255.255.0

i found a config file that i modified a little. i started squid (no errors) but when i set my browser (on an other pc) to use the proxy i get "proxy server is refusing connections"

here is my config:

visible_hostname squidtest.mansef
unique_hostname squidtest.mansef
# The port on which squid will listen for requests
http_port 8080
# If 'cgi-bin' or '?' is in query, squid should not check with neighbours'/parents' cache
# and should go to target web-server.
hierarchy_stoplist cgi-bin ?
# If url contains 'cgi-bin' or '?', then it must not be cached
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
# Absolute path to squid access log.
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Access control list to control every IP address
#TEST
acl all src 0.0.0.0/0.0.0.0
acl network src 192.168.1.0/255.255.255.0
# Access control list for source machine in LAN
acl lan_src src 192.168.1.0/24
# Access control list for destination machine in LAN
acl lan_dst dst 192.168.1.0/24
# Access control list to manage squid cache
acl manager proto cache_object
# Access control list to define IP address allowed for source localhost
acl localhost src 127.0.0.1/255.255.255.255
# Access control list to define IP addresses allowed for localhost as destination
acl to_localhost dst 127.0.0.0/8
# Access control list to define Safe ports that should be allowed by default
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#TEST
http_access allow network
icp_access allow network
# Allow cache management only from localhost
http_access allow manager localhost
# Deny cache management from remote hosts
http_access deny manager
# Deny http access via all the ports which are not listed as safe
http_access deny !Safe_ports
# Deny all connections via all ports which are not listed as safe
http_access deny CONNECT !SSL_ports
# Allow http access from localhost
http_access allow localhost
# Allow http access from machines on LAN
http_access allow lan_src
http_access deny all
http_reply_access allow all
icp_access allow all
# Deny caching for everyone so that there is not caching at all
cache deny all
coredump_dir /var/spool/squid
# Never allow direct connection to machines on the internet
prefer_direct off
never_direct allow all
# Allow direct connetion if the destination machine is on LAN
always_direct allow lan_dst
# Delete this line if you don't have /etc/hosts file
hosts_file /etc/hosts
# Allow AIM connections
# Delete the following 9 lines if you don't want people to connect to AIM
acl AIM_ports port 5190 9898 6667
acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net
acl AIM_domains dstdomain .messaging.aol.com .aim.com
acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net
acl AIM_nets dst 64.12.0.0/255.255.0.0
acl AIM_methods method CONNECT
http_access allow AIM_methods AIM_ports AIM_nets
http_access allow AIM_methods AIM_ports AIM_hosts
http_access allow AIM_methods AIM_ports AIM_domains
# Allow connections to Yahoo Messenger
# Delete the following 6 lines if you don't want people to connect to Yahoo Messenger
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
# Allow connections to Google Talk
# Delete the following 6 lines if you don't want people to connect to Google Talk
acl GTALK_ports port 5222 5050
acl GTALK_domains dstdomain .google.com
acl GTALK_hosts dstdomain talk.google.com
acl GTALK_methods method CONNECT
http_access allow GTALK_methods GTALK_ports GTALK_hosts
http_access allow GTALK_methods GTALK_ports GTALK_domains
# Allow connections to MSN
# Delete the following 6 lines if you don't want people to connect to Google Talk
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 207.46.111.0/255.255.255.0
acl MSN_methods method CONNECT
http_access allow MSN_methods MSN_ports MSN_hosts

please help!!
Reply With Quote
Sponsored Links
  #2  
Old 29th August 2008, 09:29
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

May be a firewall is blocking connections to port 8080 on the proxy

can you connect via telnet ?

Code:
telnet proxy_server 8080
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 2nd September 2008, 22:16
hellseeker hellseeker is offline
Junior Member
 
Join Date: Aug 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i have tried many ports, 80, 8080, 3124.. all with the same results
Reply With Quote
  #4  
Old 22nd November 2008, 23:43
heymrdj heymrdj is offline
Member
 
Join Date: Feb 2007
Posts: 58
Thanks: 2
Thanked 4 Times in 4 Posts
Default

That's beside the point, can you telnet to any of those ports. I ran into this situation myself on a VPS. Turned out the host installed a software firewall onto each VPS, and I had to go in and ask for every individual port that I needed to be open. You could be using ports that are all closed. You need to see if you can telnet in.
Reply With Quote
  #5  
Old 17th September 2012, 20:36
sanchit sanchit is offline
Junior Member
 
Join Date: Sep 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thats the same problem i am suffering from , i am also not able to connect to my server on which i have installed squid, i have tried on many ports , but each and every port is blocked,,, do u have a solution?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Proxy Caching on Linux obzerver Installation/Configuration 4 13th August 2008 19:51
Squid proxy on ubuntu 8 intercept_ns7 HOWTO-Related Questions 0 29th July 2008 16:22
squid cache proxy Retaliator Technical 0 1st July 2008 16:53
Squid configuration confighelp Server Operation 2 24th November 2007 15:27
ispconfig and mambo shajazzi Installation/Configuration 70 28th March 2006 19:29


All times are GMT +2. The time now is 23:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.