Discussion in 'Installation/Configuration' started by hellseeker, Aug 28, 2008.

    i am trying to set up squid just so i can monitor traffic and web caching

    my network is

    i found a config file that i modified a little. i started squid (no errors) but when i set my browser (on another pc) to use the proxy i get "proxy server is refusing connections"

    here is my config:

    # NOTE(review): squid.conf as pasted in the forum post. Several acl lines below
    # (all, network, lan_src, lan_dst, localhost, to_localhost, AIM_nets, MSN_nets)
    # show no address value here; presumably the addresses were lost when the post
    # was published. Confirm each against the real file: which clients the proxy
    # serves depends entirely on those values.
    # http_access rules are evaluated top to bottom and the first matching rule decides.
    visible_hostname squidtest.mansef
    unique_hostname squidtest.mansef
    # The port on which squid will listen for requests
    # No address is given, so squid listens on this port on every interface of the host.
    http_port 8080
    # If 'cgi-bin' or '?' is in query, squid should not check with neighbours'/parents' cache
    # and should go to target web-server.
    hierarchy_stoplist cgi-bin ?
    # If url contains 'cgi-bin' or '?', then it must not be cached
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    # Matches replies whose Server header starts with "Apache"; only referenced by the
    # commented-out broken_vary_encoding line below.
    acl apache rep_header Server ^Apache
    #broken_vary_encoding allow apache
    # Absolute path to squid access log.
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    # Access control list to control every IP address
    acl all src
    acl network src
    # Access control list for source machine in LAN
    acl lan_src src
    # Access control list for destination machine in LAN
    acl lan_dst dst
    # Access control list to manage squid cache
    acl manager proto cache_object
    # Access control list to define IP address allowed for source localhost
    acl localhost src
    # Access control list to define IP addresses allowed for localhost as destination
    acl to_localhost dst
    # Access control list to define Safe ports that should be allowed by default
    # SSL_ports is the list of ports to which CONNECT tunnels are permitted.
    # NOTE(review): besides 443 and 563 it contains the messenger/IRC ports used by the
    # AIM, YIM, GTALK and MSN sections further down. The proxy relays a CONNECT tunnel
    # without seeing its content, so keep this list as short as the site needs.
    acl SSL_ports port 443 563 1863 5190 5222 5050 6667
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    # NOTE(review): this allow is evaluated before the Safe_ports / SSL_ports denies
    # below, so clients matching 'network' are never subject to those port
    # restrictions. Placing the two deny rules first keeps them effective.
    http_access allow network
    icp_access allow network
    # Allow cache management only from localhost
    http_access allow manager localhost
    # Deny cache management from remote hosts
    http_access deny manager
    # Deny http access via all the ports which are not listed as safe
    http_access deny !Safe_ports
    # Deny CONNECT (tunnel) requests to any port that is not listed in SSL_ports
    http_access deny CONNECT !SSL_ports
    # Allow http access from localhost
    http_access allow localhost
    # Allow http access from machines on LAN
    http_access allow lan_src
    # Final catch-all: anything not allowed above is refused.
    http_access deny all
    http_reply_access allow all
    # NOTE(review): answers ICP queries from any source, which makes the earlier
    # 'icp_access allow network' redundant. Only relevant if an ICP port is enabled;
    # none is set in this paste.
    icp_access allow all
    # Deny caching for everyone so that there is not caching at all
    # NOTE(review): with this line nothing is cached; remove it if web caching is wanted.
    cache deny all
    coredump_dir /var/spool/squid
    # Never allow direct connection to machines on the internet
    # NOTE(review): never_direct makes squid send every matching request through a
    # parent proxy (cache_peer). No cache_peer line appears in this paste; without one,
    # only destinations matching always_direct below can be reached.
    prefer_direct off
    never_direct allow all
    # Allow direct connection if the destination machine is on LAN
    always_direct allow lan_dst
    # Delete this line if you don't have /etc/hosts file
    hosts_file /etc/hosts
    # NOTE(review): every http_access allow rule from here on comes after
    # 'http_access deny all' above. If 'all' matches every source, as its comment
    # says, these rules are never reached.
    # Allow AIM connections
    # Delete the following 9 lines if you don't want people to connect to AIM
    acl AIM_ports port 5190 9898 6667
    acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net
    acl AIM_domains dstdomain .messaging.aol.com .aim.com
    acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net
    acl AIM_nets dst
    acl AIM_methods method CONNECT
    http_access allow AIM_methods AIM_ports AIM_nets
    http_access allow AIM_methods AIM_ports AIM_hosts
    http_access allow AIM_methods AIM_ports AIM_domains
    # Allow connections to Yahoo Messenger
    # Delete the following 6 lines if you don't want people to connect to Yahoo Messenger
    acl YIM_ports port 5050
    acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
    acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
    acl YIM_methods method CONNECT
    http_access allow YIM_methods YIM_ports YIM_hosts
    http_access allow YIM_methods YIM_ports YIM_domains
    # Allow connections to Google Talk
    # Delete the following 6 lines if you don't want people to connect to Google Talk
    acl GTALK_ports port 5222 5050
    acl GTALK_domains dstdomain .google.com
    acl GTALK_hosts dstdomain talk.google.com
    acl GTALK_methods method CONNECT
    http_access allow GTALK_methods GTALK_ports GTALK_hosts
    http_access allow GTALK_methods GTALK_ports GTALK_domains
    # Allow connections to MSN
    # Delete the following 6 lines if you don't want people to connect to MSN
    acl MSN_ports port 1863 443 1503
    acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
    acl MSN_hosts dstdomain messenger.hotmail.com
    acl MSN_nets dst
    acl MSN_methods method CONNECT
    http_access allow MSN_methods MSN_ports MSN_hosts

    please help!!
    Maybe a firewall is blocking connections to port 8080 on the proxy.

    can you connect via telnet ?

    telnet proxy_server 8080
    i have tried many ports, 80, 8080, 3124.. all with the same results
    That's beside the point: can you telnet to any of those ports? I ran into this situation myself on a VPS. It turned out the host had installed a software firewall on each VPS, and I had to go in and ask for every individual port that I needed to be opened. You could be using ports that are all closed. You need to see if you can telnet in.
    thats the same problem i am suffering from , i am also not able to connect to my server on which i have installed squid, i have tried on many ports , but each and every port is blocked,,, do u have a solution?

