I am running a simply Squid3 setup on Ubuntu Intrepid. I have been using Squid 2.7 for quite sometime but never had this problem before. Squid3 is erroneously blocking gmail and yahoomail. My simple workaround is use https instead of http.
My ACLs are: acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl SMTP_port port 25 acl workhours time M T W H F 8:00-12:00 13:15-17:00 #acl otherhours time M T W H F 11:31-13:29 acl warez dstdomain "/etc/squid3/warez/domains.acl" acl ads dstdomain "/etc/squid3/ads/domains.acl" acl special_sites dstdomain "/etc/squid3/special_sites/domains.acl" acl justporn dstdomain "/etc/squid3/porn/justporn.acl" acl redirector dstdomain "/etc/squid3/redirector/domains.acl" acl spyware dstdomain "/etc/squid3/spyware/domains.acl" #acl pornex url_regex -i "/etc/squid3/porn/pornex.acl" #acl nopornex url_regex -i "/etc/squid3/porn/noporn.acl" acl filenames url_regex -i \.exe$ \.com$ \.mp3$ \.asx$ \.wma$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.wav$ \.flv$ \.avi$ acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$ acl webRadioReq2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$ acl webRadioReq3 req_mime_type -i ^application/x-mms-framed$ acl webRadioRep1 rep_mime_type -i ^video/x-ms-asf$ acl webRadioRep2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$ acl webRadioRep3 rep_mime_type -i ^application/x-mms-framed$ acl WMP browser Windows-Media-Player/* #acl batcave src "/etc/squid/ip/otherip" acl batman src "/etc/squid3/ip/goodip" http_access deny SMTP_port http_access deny workhours warez http_access deny workhours ads http_access deny workhours justporn http_access deny workhours redirector http_access deny workhours spyware #http_access deny workhours pornex !nopornex http_access deny workhours filenames http_access deny workhours special_sites http_access deny workhours WMP all http_access deny workhours webRadioReq1 all http_access deny workhours webRadioReq2 all http_access deny workhours webRadioReq3 all # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed #http_access allow localnet http_access allow batman http_access allow localhost I assure you that gmail and yahoomail are not within those domains.acl files as I searched for it. Anything wrong? Or any issue with Squid3 that I didn't know about? Excerpts from sudo tail -f /var/log/squid3/access.log when I tried to access gmail.com is as follows: 1234403201.410 2011 192.168.2.192 TCP_MISS/200 592 GET http://presence.msg.yahoo.com/online? - DIRECT/209.131.36.172 text/plain 1234403201.602 978 192.168.2.192 TCP_MISS/200 3178 GET http://ph.mg60.mail.yahoo.com/ws/mail/v1/formrpc? - DIRECT/124.108.114.74text/xml 1234403203.512 306 192.168.2.192 TCP_MISS/200 698 GET http://ph.mg60.mail.yahoo.com/dc/rs? - DIRECT/124.108.114.74 text/html 1234403343.324 0 192.168.2.186 TCP_DENIED/403 2885 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html 1234403403.331 0 192.168.2.186 TCP_DENIED/403 2885 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - NONE/- text/html 1234403448.987 26483 192.168.2.192 TCP_MISS/200 21321 GET http://f5.yahoofs.com/msgr/mary_allangel/.friend_icon.png? - DIRECT/ 206.190.35.168 image/png 1234403466.565 0 192.168.2.188 TCP_DENIED/403 2664 GET http://en-us.fxfeeds.mozilla.com/en-US/firefox/headlines.xml - NONE/- text/html *1234403489.349 0 192.168.2.192 TCP_HIT/301 648 GET http://gmail.com/ - NONE/- text/html 1234403495.234 5884 192.168.2.192 TCP_MISS/302 1235 GET http://mail.google.com/mail/ - DIRECT/74.125.19.19 text/html 1234403496.600 0 192.168.2.192 TCP_DENIED/403 3191 GET http://mail.google.com/mail/? - NONE/- text/html* It seems its blocking URLs with "?" at end? Thank you for the help!
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
