I have a server I use to serve a squid proxy only accessible via ssh
tunnel, which has worked fine for over a year. I upgraded from OpenBSD 5.1
to OpenBSD 5.2 and I've also rebuilt squid in ports. It has stopped working
for ssh tunnel connections. It works for the elinks browser, but both
should be from localhost and be no different as far as I know.

I get these errors in the log:
[15/Mar/2013:04:01:40 -0700] elijah.secusrvr.com mail.google.com "CONNECT mail.google.com:443 HTTP/1.1" 403 1323 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22" TCP_DENIED:NONE

My squid.conf:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
acl Safe_ports port 21 80
acl SSL_ports port 443
cache_mem 256 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 127.0.0.1
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname secusrvr.com
coredump_dir /var/squid
http_port 127.0.0.1:3128
https_port 127.0.0.1:3128 cert=/etc/ssl/private/secusrvr.com.crt key=/etc/ssl/private/server.key
logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/squid/logs/access.log combined
cache_store_log /var/squid/logs/store.log
cache_log  /var/squid/logs/cache.log
logfile_rotate 8
cache_dir ufs /var/squid/cache 4096 64 256

I tried googling the error and looking in the manual but still don't fully
understand it.
-- 
www.johntate.org
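
Added example, not part of the original post: a minimal Python model of how Squid walks the http_access lines in the squid.conf above (the first line whose ACLs all match decides), applied to the logged CONNECT to port 443. It models only the ACL types that config uses; the helper names and the sample requests are constructed for illustration.

```python
import ipaddress

LOOPBACK = ipaddress.ip_address("127.0.0.1")
is_loopback = lambda r: ipaddress.ip_address(r["src"]) == LOOPBACK

# ACL definitions copied from the posted squid.conf.
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  is_loopback,
    "lan":        is_loopback,
    "purge":      lambda r: r["method"] == "PURGE",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in (21, 80),
    "SSL_ports":  lambda r: r["port"] == 443,
}

# http_access lines in the order they appear in the file.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("allow", ["purge", "localhost"]),
    ("deny",  ["purge"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["localhost"]),
    ("allow", ["lan"]),
    ("deny",  ["all"]),
]

def term_matches(term, req):
    """Evaluate one ACL name; a leading '!' negates the result."""
    hit = ACLS[term.lstrip("!")](req)
    return not hit if term.startswith("!") else hit

def decide(req):
    """Return (action, rule) for the first line whose ACLs all match (AND)."""
    for action, terms in RULES:
        if all(term_matches(t, req) for t in terms):
            return action, "http_access %s %s" % (action, " ".join(terms))
    raise AssertionError("unreachable: 'deny all' matches every request")

def make_request(method, port, src, proto="http"):
    return {"method": method, "port": port, "src": src, "proto": proto}

if __name__ == "__main__":
    # Constructed requests; the first mirrors the logged CONNECT to port 443.
    for req in (make_request("CONNECT", 443, "127.0.0.1"),
                make_request("GET", 80, "127.0.0.1")):
        print(req["method"], req["port"], "->", *decide(req))
```

In this model the CONNECT to port 443 stops at `http_access deny !Safe_ports` whatever the source address, because that line is evaluated before `http_access allow localhost`.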
