Setting up Squid/Dansguardian - I keep getting "Access Denied."

I

InorganicMatter

[H]F Junkie
Joined
Oct 19, 2004
Messages
15,461
OK, I am trying to set up a simple unit to cache/save bandwidth and filter the kid's internet. I'm using Fedora. I downloaded the Squid source, compiled, make, installed. I change the folder owner of the log/cache folders and set the cache_effective_user to account "squid" (the main, non-root account). I set my http_access list to:

Code: 
acl network src 192.168.0.0/24
http_access allow network
http_access deny all

If I point it at port 3128 (Squid), the internet runs fine but it doesn't block any pages. If I point it at port 8080 (Dansguardian), I get this:

Code: 
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: [url]http://www.hardocp.com/[/url]

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. 

Your cache administrator is webmaster.
Generated Tue, 09 May 2006 21:50:44 GMT by localhost.localdomain [B](squid/2.5.STABLE13)[/B]

It says it's coming from Squid, but isn't port 8080 the one that Dansguardian listens on? What's up here guys? I'm new to all this, and am still wet around the ears with Linux, but I'm starting to get the hang of it. Any help?
 
I think I've seen that before...not 100% sure it was the same error but check if these settings are enabled in your squid.conf:
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel-host virtual

I"m pretty sure that's what I did to fix it but it's been a year since I played with squid.
 
I've done a little with Squid + DansGuardian, though I was doing transparent proxying cuz I didnt want to have to reconfigure 100 web browsers in the company. It's been a while, but I will see if I can take a look at your stuff a little more in depth later (at work right now).

Anyway, I was curious what guide you used? When I did my project, there weren't many all-in-one guides, so I wrote one. If anyone's curious, it's avaliable here (35K PDF).

EDIT: Just thinking about this a bit. Arent your web browsers supposed to point to DG? Then DG tells Squid to fetch the pages. Once they are fetched, they are given to DG. DG then looks them over and makes sure they fit any content-filtering criteria before they are handed off to the client. But I'm almost 100% that DG sits between the browser and Squid.
 
Stinn said:
I think I've seen that before...not 100% sure it was the same error but check if these settings are enabled in your squid.conf:
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel-host virtual

I"m pretty sure that's what I did to fix it but it's been a year since I played with squid.
Click to expand...
That got it working, but it seems to be a bit sluggish. Maybe it's my imagination, thanks a bunch!
 
InorganicMatter said:
That got it working, but it seems to be a bit sluggish. Maybe it's my imagination, thanks a bunch!
Click to expand...
What kind of load average is on the squid box? Is it still sluggish if you request a cached page?
 
I hate to revive an old thread, but no sense in starting a new one.

I'm setting up my new Mini-ITX box, and I'm getting the exact same thing again. I've tried it multiple times, and I still get the Access Denied error. Stinn, your solution isn't working now :( Here's my http_access list:

Code: 
acl network src 192.168.0.0/24
http_access allow network

http_access deny all
Simple, huh?

I get the feeling that I'm missing something really basic. So basic that no one has thought to tell me because it's considered such common knowlege.

I'll update my original post with the info.
 
Bump, I'm getting desparate.

OK, it's definetely a problem with my http_access list. I commented out everything except "allow all," and now I'm surfing just fine (and Dansguardian works like a charm). What on earth could be the problem? My entire network is 192.168.0.1-50. Doesn't this line...

Code: 
acl network src 192.168.0.0/24
http_access allow network

...put all network traffic on the white list? Help me out, I don't understand this whole subnet thing.
 
You must log in or register to reply here.
Back
Top