
I configured a Squid proxy on CentOS 7. I am using Squid version 3.5.20. I also tried Squid 4.10 on Ubuntu 20.04, but I got the same problem. Maybe my ACL was wrong.

I configured DSTNAT on the router to intercept HTTP traffic from 192.168.1.0/24 to the Squid proxy at 10.10.10.10:3128.

This is /etc/squid/squid.conf file:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl whitelist_domain dstdomain “/etc/squid/whitelist.acl”

http_access allow localnet
http_access allow localhost
http_access allow whitelist_domain
http_access deny all

http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%  0
refresh_pattern .               0   20%     4320

And this is the /etc/squid/whitelist.acl file:

linux.or.id
lipi.go.id

Please help me to find the problem.

So, with the above config, the client will be denied access to all HTTP websites except linux.or.id and lipi.go.id. Right?

However, when I try to connect, all websites show this error: INVALID URL

This is /var/log/squid/access.log:

1633885185.900      0 192.168.1.251 TAG_NONE/400 3867 GET / - HIER_NONE/- text/html
1633885185.970      0 192.168.1.251 TCP_IMS_HIT/304 295 GET http://linux:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png

I tried changing squid.conf like this:

http_access allow all
http_port 3128 intercept
http_port 3129
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%  0
refresh_pattern .               0   20%     4320

That ACL will allow all requests.

However, I got ERROR ACCESS DENIED, which means my ACL blocked the access, right?

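An added example (not part of the original question and not Squid's own code) that models how Squid evaluates `http_access` lines: top to bottom, stopping at the first line whose ACLs all match. It runs the posted rule order for the client 192.168.1.251 seen in the access log; the `RESTRICTED` rule list and the `example.com` test host are assumptions made for comparison.

```python
import ipaddress

# ACLs copied from the squid.conf and whitelist.acl in the question;
# "localhost" and "all" stand in for Squid's built-in ACLs of those names.
ACLS = {
    "localnet": ("src", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    "localhost": ("src", ["127.0.0.1/32", "::1/128"]),
    "whitelist_domain": ("dstdomain", ["linux.or.id", "lipi.go.id"]),
    "all": ("src", ["0.0.0.0/0", "::/0"]),
}

# http_access lines in the order posted in the question.
POSTED = [
    ("allow", ["localnet"]),
    ("allow", ["localhost"]),
    ("allow", ["whitelist_domain"]),
    ("deny", ["all"]),
]

# Assumed alternative (not from the question): ACLs on one line are ANDed.
RESTRICTED = [
    ("allow", ["localnet", "whitelist_domain"]),
    ("deny", ["all"]),
]

def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # dstdomain: "example.com" matches that host only; ".example.com" also
    # matches its subdomains.
    host = host.lower().rstrip(".")
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in values)

def evaluate(rules, client_ip, host):
    """Return (action, line_number) of the first http_access line that matches."""
    for number, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(n, client_ip, host) for n in names):
            return action, number
    raise ValueError("no line matched; end the list with 'deny all'")

if __name__ == "__main__":
    client = "192.168.1.251"  # client address from the access.log in the question
    for host in ("linux.or.id", "example.com"):  # example.com is a constructed host
        print(host, evaluate(POSTED, client, host), evaluate(RESTRICTED, client, host))
```

With the posted order, every client inside `localnet` is allowed at line 1, so the `whitelist_domain` line is never reached for those clients.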