from:"navari.lore...@gmail.com"

[squid-users] TCP_DENIED/403

2014-11-05 Thread navari.lore...@gmail.com

Good day today.
I' m configuring a Squid Web Proxy Cache 
and  I apply the deny policy to some sites l 
this is the problem:

when people accesses sites with GET they have the right html error page
ERR_ACCES_DENIED 
(LOG = TCP_DENIED/403 4069 GET http://www.sex.com/ - HIER_NONE/- text/html)

when people accesses sites with CONNECT they DON'T  have the right html
error page 
but te message CONNECTION REFUSED BY PROXY SERVER
(LOG = TCP_DENIED/403 3681 CONNECT facebook.com:443 - HIER_NONE/- text/html)

I would like to have the same error page for all.

Can anyone help ??



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_DENIED/403

2014-11-05 Thread navari.lore...@gmail.com

thank now i read


Il 05/11/2014 10:53, Rafael Akchurin [via Squid Web Proxy Cache] ha scritto:
> Hello Navari,
>
> Just my two cents - 
> http://docs.diladele.com/faq/squid.html#why-i-see-cannot-connect-to-site-using-https-browser-message-instead-of-usual-site-is-blocked
>
> Raf
>
> -Original Message-
> From: squid-users [mailto:[hidden email] 
> ] On Behalf Of [hidden 
> email] 
> Sent: Wednesday, November 5, 2014 10:39 AM
> To: [hidden email] 
> Subject: [squid-users] TCP_DENIED/403
>
> Good day today.
> I' m configuring a Squid Web Proxy Cache and  I apply the deny policy 
> to some sites l this is the problem:
>
> when people accesses sites with GET they have the right html error 
> page ERR_ACCES_DENIED (LOG = TCP_DENIED/403 4069 GET 
> http://www.sex.com/ - HIER_NONE/- text/html)
>
> when people accesses sites with CONNECT they DON'T  have the right 
> html error page but te message CONNECTION REFUSED BY PROXY SERVER (LOG 
> = TCP_DENIED/403 3681 CONNECT facebook.com:443 - HIER_NONE/- text/html)
>
> I would like to have the same error page for all.
>
> Can anyone help ??
>
>
>
> -- 
> View this message in context: 
> http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> [hidden email] 
> http://lists.squid-cache.org/listinfo/squid-users
> ___
> squid-users mailing list
> [hidden email] 
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> 
> If you reply to this email, your message will be added to the 
> discussion below:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210p4668212.html
>  
>
> To unsubscribe from TCP_DENIED/403, click here 
> .
> NAML 
> 
>  
>





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210p4668214.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_DENIED/403

2014-11-05 Thread navari.lore...@gmail.com

thank for replay

SO = CentOS 7

squid-3.4.6-1.el7.centos.x86_64

=

[root@lv-034-005 squid]# cat squid.conf
#
# Recommended minimum configuration:
#

#Default: debug_options ALL,1
#more: debug_options ALL,1 33,2 28,9
debug_options ALL,1 28,3

visible_hostname proxy.usl1.toscana.it
append_domain .usl1.toscana.it
ftp_passive on
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .0 20% 4320
error_directory /etc/squid/errors
maximum_object_size 8192 KB
cache_dir ufs /var/spool/squid 8192 16 128
cache_log none
cache_store_log none
cache_mem 512 MB

#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
#acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl localnet src 192.168.0.0/16# RFC1918 possible internal network
#acl localnet src fc00::/7   # RFC 4193 local private network range
#acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
machines

acl SSL_ports port 443 563 445 8080 10443 27443 28443
#acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 22# telnet
acl Safe_ports port 443563 445 # https
acl Safe_ports port 70# gopher
acl Safe_ports port 210# wais
acl Safe_ports port 1025-65535# unregistered ports
acl Safe_ports port 280# http-mgmt
acl Safe_ports port 488# gss-http
acl Safe_ports port 591# filemaker
acl Safe_ports port 777# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
##

## ACL definition ##
acl siti_proibiti  url_regex  "/etc/squid/siti.proibiti.squid"

## ACL application ##
http_access deny siti_proibiti

##

# LDAP AUTH -
auth_param basic program /usr/lib64/squid/basic_ldap_auth -b
ou=users,dc=usl1,dc=toscana,dc=it -H ldap://portale3.usl1.toscana.it/
auth_param basic children 5
auth_param basic realm Accesso ad Internet
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl user_authentication proxy_auth REQUIRED
http_access allow user_authentication

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:144020%10080
refresh_pattern ^gopher:14400%1440
refresh_pattern -i (/cgi-bin/|\?) 00%0
refresh_pattern .020%4320
[root@lv-034-005 squid]#


[root@lv-034-005 squid]# cat siti.proibiti.squid
facebook\.(com|org|info|net|it)
twitter\.(com|org|info|net|it)
\.sex\.(com|org|info|net|it)
google-analytics\.com
youporn\.com
adultfriend\.com
pornhub\.com
sex
porn
games
giochi
gaytube\.com
amantesorgias\.com
porno\.com
www\.topgirlsitalia\.it
\.twitter\.com
\.myspace\.com
\.hi5\.com
\.teamviewer\.com
fbcdn-sphotos-e-a.akamaihd.net
[root@lv-034-005 squid]#





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210p4668216.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_DENIED/403

2014-11-06 Thread navari.lore...@gmail.com

hello boys,
excuse my bad english

there is something i don't understand.
If i write an URL into a browser which use Squid (for example www.xxx.com)
(denied whith an acl)

I expect that Squid answer saying:  you cannot access this url because it is
a denied url.
This should happen without squid goes to look for that url.

What's wrong ? 





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210p4668228.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_DENIED/403

2014-11-06 Thread navari.lore...@gmail.com

Thank You.
Now I understand.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-403-tp4668210p4668231.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] WARNING: deny_mime_type ACL is used in context without an HTTP response. Assuming mismatch.

2014-11-17 Thread navari.lore...@gmail.com

hello, 

in my cache.log i have many of these

==> /var/log/squid/cache.log <==
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.
2014/11/17 12:08:07 kid1| WARNING: deny_mime_type ACL is used in context
without an HTTP response. Assuming mismatch.


what could I do to correct.


vvv

## ACL definition ##

acl user_authentication proxy_auth REQUIRED

acl server_no_auth src  "/etc/squid/server_noauth.txt"
acl direct_hosts dst"/etc/squid/direct_hosts.txt"
acl deny_host src   "/etc/squid/deny_host.txt"
acl direct_urls dstdom_regex"/etc/squid/direct_urls.txt"
acl deny_client src "/etc/squid/deny_client.txt"
acl deny_users proxy_auth   "/etc/squid/deny_users.txt"
acl siti_proibiti  url_regex"/etc/squid/siti.proibiti.squid"
acl deny_extensions urlpath_regex -i"/etc/squid/deny_extensions.txt"
acl deny_mime_type rep_mime_type -i "/etc/squid/deny_mime.txt"
acl allowed_extensions urlpath_regex -i "/etc/squid/allowed_extensions.txt"
acl allowed_assistenza_users proxy_auth
"/etc/squid/allowed_assistenza_users.txt"
acl allowed_sitesmime dstdom_regex  "/etc/squid/allowed_sitesmime.txt"
acl allowed_usermime proxy_auth "/etc/squid/allowed_usermime.txt"

## ACL application ##

http_access allow server_no_auth
http_access allow direct_hosts
http_access   allow deny_mime_type direct_hosts
http_reply_access allow deny_mime_type direct_hosts
http_access   allow deny_extensions direct_hosts
http_reply_access allow deny_extensions direct_hosts

http_access allow direct_urls
http_access   allow deny_mime_type direct_urls
http_reply_access allow deny_mime_type direct_urls
http_access   allow deny_extensions direct_urls
http_reply_access allow deny_extensions direct_urls

deny_info ERR_DENY_EXTENSIONS deny_extensions
deny_info ERR_DENY_MIME deny_mime_type

http_access allow deny_client allowed_assistenza_users
http_access allow deny_extensions allowed_assistenza_users

http_access   allow deny_mime_type allowed_assistenza_users
http_reply_access allow deny_mime_type allowed_assistenza_users

http_access   allow deny_mime_type allowed_usermime
http_reply_access allow deny_mime_type allowed_usermime
http_access   allow deny_extensions allowed_usermime
http_reply_access allow deny_extensions allowed_usermime

http_access   allow deny_mime_type allowed_sitesmime
http_reply_access allow deny_mime_type allowed_sitesmime
http_access   allow deny_extensions allowed_sitesmime
http_reply_access allow deny_extensions allowed_sitesmime

http_access deny deny_mime_type
http_reply_access deny deny_mime_type
http_access deny deny_extensions
http_access deny deny_client
http_access deny deny_users
http_access deny siti_proibiti
http_access allow user_authentication
http_access allow allowed_extensions
##








--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-deny-mime-type-ACL-is-used-in-context-without-an-HTTP-response-Assuming-mismatch-tp4668430.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: deny_mime_type ACL is used in context without an HTTP response. Assuming mismatch.

2014-11-18 Thread navari.lore...@gmail.com

thank you very much.
it's right
i apologize



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-deny-mime-type-ACL-is-used-in-context-without-an-HTTP-response-Assuming-mismatch-tp4668430p4668444.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] WARNING: there are more than 100 regular expressions

2014-11-27 Thread navari.lore...@gmail.com

Good day,
i have these Warnings  

 squid -k parse

..
2014/11/27 09:36:22| Processing: acl direct_urls dstdom_regex   
"/etc/squid/direct_urls.txt"
2014/11/27 09:36:22| /etc/squid/squid.conf line 86: acl direct_urls
dstdom_regex"/etc/squid/direct_urls.txt"
2014/11/27 09:36:22| WARNING: there are more than 100 regular expressions.
Consider using less REs or use rules without expressions like 'dstdomain'.

2014/11/27 09:36:22| Processing: acl allowed_sitesmime dstdom_regex 
"/etc/squid/allowed_sitesmime.txt"
2014/11/27 09:36:22| /etc/squid/squid.conf line 94: acl allowed_sitesmime
dstdom_regex"/etc/squid/allowed_sitesmime.txt"
2014/11/27 09:36:22| WARNING: there are more than 100 regular expressions.
Consider using less REs or use rules without expressions like 'dstdomain'.


What can i do ?

Thank to everybody.







--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-there-are-more-than-100-regular-expressions-tp4668529.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: there are more than 100 regular expressions

2014-11-27 Thread navari.lore...@gmail.com

"Consider using less REs ..." is not possible.

if there is no other solution
i will break the files in many files with less then 100 entries.

Probably will have the same problem with black list.

Thank 



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-there-are-more-than-100-regular-expressions-tp4668529p4668531.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: there are more than 100 regular expressions

2014-11-27 Thread navari.lore...@gmail.com

ok 
i don't intend to use REs for blacklisting but only for blocking some sites
like facebook twitter...
In the other file i have about 120 - 150 REs.





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-there-are-more-than-100-regular-expressions-tp4668529p4668535.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: there are more than 100 regular expressions

2014-11-30 Thread navari.lore...@gmail.com

I saw that the error does not preclude the use of the lines over the 100. I
have no problem with the CPU ( 7 % ) . Only I do not like to see " Warning"



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-there-are-more-than-100-regular-expressions-tp4668529p4668542.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: there are more than 100 regular expressions

2014-11-30 Thread navari.lore...@gmail.com

 this is the error: WARNING: there are more than 100 regular expressions.
Consider using less REs or use rules without expressions like 'dstdomain'. 





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-there-are-more-than-100-regular-expressions-tp4668529p4668541.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] TCP_DENIED/403

Re: [squid-users] TCP_DENIED/403

Re: [squid-users] TCP_DENIED/403

Re: [squid-users] TCP_DENIED/403

Re: [squid-users] TCP_DENIED/403

[squid-users] WARNING: deny_mime_type ACL is used in context without an HTTP response. Assuming mismatch.

Re: [squid-users] WARNING: deny_mime_type ACL is used in context without an HTTP response. Assuming mismatch.

[squid-users] WARNING: there are more than 100 regular expressions

Re: [squid-users] WARNING: there are more than 100 regular expressions

Re: [squid-users] WARNING: there are more than 100 regular expressions

Re: [squid-users] WARNING: there are more than 100 regular expressions

Re: [squid-users] WARNING: there are more than 100 regular expressions

12 matches

Site Navigation

Mail list logo

Footer information