Squid TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
I've just installed Squid 3.5.27 on Ubuntu Server 18.04
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic
user@ubuntu:~$
user@ubuntu:~$ dpkg -l | grep squid
ii squid 3.5.27-1ubuntu1 amd64 Full featured Web Proxy cache (HTTP proxy)
ii squid-common 3.5.27-1ubuntu1 all Full featured Web Proxy cache (HTTP proxy) - common files
ii squid-langpack 20170901-1 all Localized error pages for Squid
user@ubuntu:~$
user@ubuntu:~$ squid -v
Squid Cache: Version 3.5.27
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation'
user@ubuntu:~$
Unfortunately, it doesn't work. This is the /var/log/squid/access.log
user@ubuntu:~$ sudo tail -F /var/log/squid/access.log
1530545854.655 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545857.667 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545860.673 0 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
This is /etc/squid/squid.conf
config
user@ubuntu:~$ egrep -nv '^#|^$' /etc/squid/squid.conf
980:acl localnet src 192.168.0.0/24
982:acl SSL_ports port 443
983:acl Safe_ports port 80 # http
984:acl Safe_ports port 21 # ftp
985:acl Safe_ports port 443 # https
986:acl Safe_ports port 70 # gopher
987:acl Safe_ports port 210 # wais
988:acl Safe_ports port 1025-65535 # unregistered ports
989:acl Safe_ports port 280 # http-mgmt
990:acl Safe_ports port 488 # gss-http
991:acl Safe_ports port 591 # filemaker
992:acl Safe_ports port 777 # multiling http
993:acl CONNECT method CONNECT
1170:http_access deny !Safe_ports
1173:http_access deny CONNECT !SSL_ports
1176:http_access allow localhost manager
1177:http_access deny manager
1192:http_access allow localhost
1195:http_access deny all
1613:http_port 3128
4256:coredump_dir /var/spool/squid
4887:refresh_pattern ^ftp: 1440 20% 10080
4888:refresh_pattern ^gopher: 1440 0% 1440
4889:refresh_pattern -i (/cgi-bin/|?) 0 0% 0
4890:refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
4893:refresh_pattern . 0 20% 4320
user@ubuntu:~$
What caused the issue? Was it ACL?
How to fix it?
squid
add a comment |
I've just installed Squid 3.5.27 on Ubuntu Server 18.04
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic
user@ubuntu:~$
user@ubuntu:~$ dpkg -l | grep squid
ii squid 3.5.27-1ubuntu1 amd64 Full featured Web Proxy cache (HTTP proxy)
ii squid-common 3.5.27-1ubuntu1 all Full featured Web Proxy cache (HTTP proxy) - common files
ii squid-langpack 20170901-1 all Localized error pages for Squid
user@ubuntu:~$
user@ubuntu:~$ squid -v
Squid Cache: Version 3.5.27
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation'
user@ubuntu:~$
Unfortunately, it doesn't work. This is the /var/log/squid/access.log
user@ubuntu:~$ sudo tail -F /var/log/squid/access.log
1530545854.655 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545857.667 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545860.673 0 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
This is /etc/squid/squid.conf
config
user@ubuntu:~$ egrep -nv '^#|^$' /etc/squid/squid.conf
980:acl localnet src 192.168.0.0/24
982:acl SSL_ports port 443
983:acl Safe_ports port 80 # http
984:acl Safe_ports port 21 # ftp
985:acl Safe_ports port 443 # https
986:acl Safe_ports port 70 # gopher
987:acl Safe_ports port 210 # wais
988:acl Safe_ports port 1025-65535 # unregistered ports
989:acl Safe_ports port 280 # http-mgmt
990:acl Safe_ports port 488 # gss-http
991:acl Safe_ports port 591 # filemaker
992:acl Safe_ports port 777 # multiling http
993:acl CONNECT method CONNECT
1170:http_access deny !Safe_ports
1173:http_access deny CONNECT !SSL_ports
1176:http_access allow localhost manager
1177:http_access deny manager
1192:http_access allow localhost
1195:http_access deny all
1613:http_port 3128
4256:coredump_dir /var/spool/squid
4887:refresh_pattern ^ftp: 1440 20% 10080
4888:refresh_pattern ^gopher: 1440 0% 1440
4889:refresh_pattern -i (/cgi-bin/|?) 0 0% 0
4890:refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
4893:refresh_pattern . 0 20% 4320
user@ubuntu:~$
What caused the issue? Was it ACL?
How to fix it?
squid
add a comment |
I've just installed Squid 3.5.27 on Ubuntu Server 18.04
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic
user@ubuntu:~$
user@ubuntu:~$ dpkg -l | grep squid
ii squid 3.5.27-1ubuntu1 amd64 Full featured Web Proxy cache (HTTP proxy)
ii squid-common 3.5.27-1ubuntu1 all Full featured Web Proxy cache (HTTP proxy) - common files
ii squid-langpack 20170901-1 all Localized error pages for Squid
user@ubuntu:~$
user@ubuntu:~$ squid -v
Squid Cache: Version 3.5.27
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation'
user@ubuntu:~$
Unfortunately, it doesn't work. This is the /var/log/squid/access.log
user@ubuntu:~$ sudo tail -F /var/log/squid/access.log
1530545854.655 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545857.667 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545860.673 0 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
This is /etc/squid/squid.conf
config
user@ubuntu:~$ egrep -nv '^#|^$' /etc/squid/squid.conf
980:acl localnet src 192.168.0.0/24
982:acl SSL_ports port 443
983:acl Safe_ports port 80 # http
984:acl Safe_ports port 21 # ftp
985:acl Safe_ports port 443 # https
986:acl Safe_ports port 70 # gopher
987:acl Safe_ports port 210 # wais
988:acl Safe_ports port 1025-65535 # unregistered ports
989:acl Safe_ports port 280 # http-mgmt
990:acl Safe_ports port 488 # gss-http
991:acl Safe_ports port 591 # filemaker
992:acl Safe_ports port 777 # multiling http
993:acl CONNECT method CONNECT
1170:http_access deny !Safe_ports
1173:http_access deny CONNECT !SSL_ports
1176:http_access allow localhost manager
1177:http_access deny manager
1192:http_access allow localhost
1195:http_access deny all
1613:http_port 3128
4256:coredump_dir /var/spool/squid
4887:refresh_pattern ^ftp: 1440 20% 10080
4888:refresh_pattern ^gopher: 1440 0% 1440
4889:refresh_pattern -i (/cgi-bin/|?) 0 0% 0
4890:refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
4893:refresh_pattern . 0 20% 4320
user@ubuntu:~$
What caused the issue? Was it ACL?
How to fix it?
squid
I've just installed Squid 3.5.27 on Ubuntu Server 18.04
user@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic
user@ubuntu:~$
user@ubuntu:~$ dpkg -l | grep squid
ii squid 3.5.27-1ubuntu1 amd64 Full featured Web Proxy cache (HTTP proxy)
ii squid-common 3.5.27-1ubuntu1 all Full featured Web Proxy cache (HTTP proxy) - common files
ii squid-langpack 20170901-1 all Localized error pages for Squid
user@ubuntu:~$
user@ubuntu:~$ squid -v
Squid Cache: Version 3.5.27
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid3-28YJxG/squid3-3.5.27=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=deprecated -Wno-error=format-truncation'
user@ubuntu:~$
Unfortunately, it doesn't work. This is the /var/log/squid/access.log
user@ubuntu:~$ sudo tail -F /var/log/squid/access.log
1530545854.655 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545857.667 1 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
1530545860.673 0 192.168.0.254 TCP_DENIED/403 4037 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
This is /etc/squid/squid.conf
config
user@ubuntu:~$ egrep -nv '^#|^$' /etc/squid/squid.conf
980:acl localnet src 192.168.0.0/24
982:acl SSL_ports port 443
983:acl Safe_ports port 80 # http
984:acl Safe_ports port 21 # ftp
985:acl Safe_ports port 443 # https
986:acl Safe_ports port 70 # gopher
987:acl Safe_ports port 210 # wais
988:acl Safe_ports port 1025-65535 # unregistered ports
989:acl Safe_ports port 280 # http-mgmt
990:acl Safe_ports port 488 # gss-http
991:acl Safe_ports port 591 # filemaker
992:acl Safe_ports port 777 # multiling http
993:acl CONNECT method CONNECT
1170:http_access deny !Safe_ports
1173:http_access deny CONNECT !SSL_ports
1176:http_access allow localhost manager
1177:http_access deny manager
1192:http_access allow localhost
1195:http_access deny all
1613:http_port 3128
4256:coredump_dir /var/spool/squid
4887:refresh_pattern ^ftp: 1440 20% 10080
4888:refresh_pattern ^gopher: 1440 0% 1440
4889:refresh_pattern -i (/cgi-bin/|?) 0 0% 0
4890:refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
4893:refresh_pattern . 0 20% 4320
user@ubuntu:~$
What caused the issue? Was it ACL?
How to fix it?
squid
squid
edited Jul 2 '18 at 16:20
Sabrina
asked Jul 2 '18 at 16:10
SabrinaSabrina
1164
1164
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
line 1195 - http_access deny all
That's a catch-all rule that is going to block traffic that hasn't been specifically allowed in the config. Which, if this is your whole config, is nothing. Looks like you've got a stock config that will require some allow rules. Alternatively, modify the http_access deny all and change the deny to allow
If you intend to have authentication setup, you can do something like this:
### enforce authentication
http_access deny !auth # deny anyone that isn't authenticated
http_access allow auth # allow authenticated users
http_access deny all # final catch-all that should never actually be met.
If you haven't setup authentication yet, then you just need this:
http_access allow all
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1051554%2fsquid-tcp-denied-403-4037-get-http-detectportal-firefox-com-success-txt-hier%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
line 1195 - http_access deny all
That's a catch-all rule that is going to block traffic that hasn't been specifically allowed in the config. Which, if this is your whole config, is nothing. Looks like you've got a stock config that will require some allow rules. Alternatively, modify the http_access deny all and change the deny to allow
If you intend to have authentication setup, you can do something like this:
### enforce authentication
http_access deny !auth # deny anyone that isn't authenticated
http_access allow auth # allow authenticated users
http_access deny all # final catch-all that should never actually be met.
If you haven't setup authentication yet, then you just need this:
http_access allow all
add a comment |
line 1195 - http_access deny all
That's a catch-all rule that is going to block traffic that hasn't been specifically allowed in the config. Which, if this is your whole config, is nothing. Looks like you've got a stock config that will require some allow rules. Alternatively, modify the http_access deny all and change the deny to allow
If you intend to have authentication setup, you can do something like this:
### enforce authentication
http_access deny !auth # deny anyone that isn't authenticated
http_access allow auth # allow authenticated users
http_access deny all # final catch-all that should never actually be met.
If you haven't setup authentication yet, then you just need this:
http_access allow all
add a comment |
line 1195 - http_access deny all
That's a catch-all rule that is going to block traffic that hasn't been specifically allowed in the config. Which, if this is your whole config, is nothing. Looks like you've got a stock config that will require some allow rules. Alternatively, modify the http_access deny all and change the deny to allow
If you intend to have authentication setup, you can do something like this:
### enforce authentication
http_access deny !auth # deny anyone that isn't authenticated
http_access allow auth # allow authenticated users
http_access deny all # final catch-all that should never actually be met.
If you haven't setup authentication yet, then you just need this:
http_access allow all
line 1195 - http_access deny all
That's a catch-all rule that is going to block traffic that hasn't been specifically allowed in the config. Which, if this is your whole config, is nothing. Looks like you've got a stock config that will require some allow rules. Alternatively, modify the http_access deny all and change the deny to allow
If you intend to have authentication setup, you can do something like this:
### enforce authentication
http_access deny !auth # deny anyone that isn't authenticated
http_access allow auth # allow authenticated users
http_access deny all # final catch-all that should never actually be met.
If you haven't setup authentication yet, then you just need this:
http_access allow all
answered Jan 16 at 20:52
JoeyJoey
212
212
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1051554%2fsquid-tcp-denied-403-4037-get-http-detectportal-firefox-com-success-txt-hier%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown