SQUID NOT ALLOWING BROWSING FOR SECURED CONNECTION

SIR

I HAVE RECENTLY INSTALLED CENTOS7 AND CONFIGURED SQUID ON IT . I AM FACING A TYPICAL PROBLEM I AM ABLE TO BROWSE THE NORMAL PAGES BUT WHEN ANY PAGE THAT STARTS WITH HTTPS:\\ IS NOT ALLOWED TO BROWSE.
I HAVE CHECKED MY SQUID.CONF FILE BUT AM UNABLE TO FIND THE PROBLEM.
I HAVE DISABLE SELINEX AND THERE ARE NO RULES IN IPTABLES ALSO.

KINDLY HELP

PASTING MY SQUID.CONF FILE

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl all src all
#acl manager proto cache_object
#acl localhost 127.0.0.1/32
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl localnet src 191.254.178.0/24 191.254.28.0/24 10.0.43.0/24 10.0.42.0/24
http_access allow localnet
icp_access allow all

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
#http_access allow localhost manager
http_access allow localnet manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
http_port 8899

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

cache_peer 191.254.178.76 parent 3128 0 no-query no-digest
#icp_access allow all

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

Similar Content

Nagios INternal Server Error
What Is The Use Of Port 1328
Iptables Question
Permission Denied For PhpMyAdmin
How To Identify An Ephemeral Port
Inetd Listening But No Connection (ftp/Telnet)
Linux USB Port As A 'flash Disk'
Unable To Configure LAN And WAN IP In CentOS
Reverse Nat Ssh Tunnel - Open More That One Port?
Trouble Configuring Vsftp

Nagios INternal Server Error

Dear all
i installed nagios on centos. everythins is ok. i can view and login nagios web site. but when i click on every links i recieved error:
-------------------------------------------------
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache/2.2.3 (CentOS) Server at 192.168.100.17 Port 80
-------------------------------------------------------

all links say this error.
please some body help me.


/etc/httpd/conf.d/nagios.conf :
---------------------------------------------------
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
---------------------------------------------------------

What Is The Use Of Port 1328

I just find my server have the below link , it use port 1328 , I checked it called ewall , would advise what is the use of 1328 ewall port in my case ? why it need to use port to access the web , why it can not direct access without the port ? thanks

https://mydomain.com:1328/xxx/xxx/test.html

Iptables Question

Hi,

So, I am learning meteor.js and signed up for a (cheap, i.e no support) VPS to host my Meteor app. Everything is running fine but I am trying to understand better how Linux works so here is my question:

I am running CentOS 7 on the VPS but it still uses iptables for its firewall.

I had to enable port 80 to access the web server. However, if I reboot the server, it stops working until I do
Code:
iptables -F

Then everything works. But I am thinking that -F might not be the best thing. I have changed the default SSH port from 22 to something else and that also works but I don't think I ever added it to the iptables rules.

If I do a port scan, the new SSH port is indicated as open as well as port 80 but others are closed as they are supposed to be.

Any idea what is doing on behind the scenes that requires iptables -F for the web access to work properly and if I shouldn't be doing iptables -F (I have it in the rc.local file), what is the right way of doing it?

(BTW, I am computer literate but not that familiar with Linux, which I am trying to learn now.)


Kamal

Permission Denied For PhpMyAdmin

Hi,

On Centos 7 I haven't been able to configure phpmyadmin. I've got Apache 2.4.6 and I've installed the latest phpmyadmin, both with yum.
I've changed all the 127.0.0.1 to my public ip and I've disabled the 'denied all' directives. This is how it looks:
Code:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip X.X.X.X
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     #Deny from All
     Allow from X.X.X.X
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip X.X.X.X
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     #Deny from All
     Allow from X.X.X.X
     Allow from ::1
</IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    #Deny from All
    Allow from All
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    #Deny from All
    Allow from All
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    #Deny from All
    #Allow from None
    Allow from All 
</Directory>

on /var/log/httpd/error_log:
Code:
AH01630: client denied by server configuration: /usr/share/phpMyAdmin

The httpd.conf hasn't been changed except this:
Code:
<Directory />
    AllowOverride none
    #Require all denied
    Allow from all
</Directory>

Normal access to my apache works fine (a default test page shows up)

SELinux is disabled and I've also stopped iptables to test it.

How To Identify An Ephemeral Port

Hi all,

I understand that Linux by default will limit its Ephemeral port allocation between 32768 to 61000.

I need to identify the applications running on my box (around 500 of them) which are intentionally using a port which happens to be in Ephemeral port range. Objective is to get a list of those apps and flag it so that the developers get to know of it and change their application port.

When I run netstat -nap to get a list of listen ports, I am unable to figure out if the port in Ephemeral range is actually allocated by OS or one of my apps has done it.


Thanks,
linux_it_is

Inetd Listening But No Connection (ftp/Telnet)

Hello,

I try to use a ftp daemon and a Telnet daemon with inetd and the BusyBox v1.19.0 on a linux 2.6.24.

When running inetd and then checking what is listening with "netstat -an |grep LISTEN" i have :
Code:
netstat: /proc/net/tcp6: No such file or directory
netstat: /proc/net/udp6: No such file or directory
netstat: /proc/net/raw6: No such file or directory
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN

ftp port 21 and Telnet port 23 seems to be listening.

My inetd.conf file is :

Code:
#<service_name>    <sock_type>    <proto>    <flags> <user>     <server_path>     <args> 

21 stream tcp nowait root ftpd ftpd /etc
telnet            stream        tcp        nowait    root    /usr/sbin/telnetd

I have no rule in my hosts.deny so nothing should be stopped and i have no iptables firewall in place too.

When typing "ftp://ipofthetarget" in a web browser i have a error :

Code:
504 Gateway Timeout
Gateway timeout expired while waiting for server response.

And when trying to Telnet from another computer or "Telnet localhost" from the board i have :
Code:
# telnet 10.2.29.201
Trying 10.2.29.201...
connected to 10.2.29.201.
Escape character is '^]'

Connection closed by foreign host.

This would mean that the connection for Telnet exist but why is it closing ?

Thank you for your future answers !

UPDATE 1 :
If i try to run telnetd like this :
/usb/sbin/telnet -l /bin/sh
i can connect anonymously from another computer, not perfect because i would like a user/password but still of use.
The problem with the ftp daemon still exist.

UPDATE 2 :
Trying from Windows cmd or linux terminal : ftp ipofthetarget seems to work
Not perfect because i would like a user/password too but still of use.

I am still open for suggestion for the user/password thing. I am not deleting the thread in case someone interested about this exist.

Linux USB Port As A 'flash Disk'

Hey All,

Is there a way to present a path or other block device to a USB port on a Linux server then have that port connected to a USB port of another device (ie USB to USB) and have it look like a flash disk?

I can plug a USB flash disk to a router just fine. But if I wanted a device to access a path off of another device int he absence of NFS or CIFS capability, that would be handy.

In other words, anyway to assign storage to a USB port in Linux? It would be akin to something like SAN with a target and source just with USB.

Cheers,
DH

Unable To Configure LAN And WAN IP In CentOS

We have 20 systems and I installed SQUID proxy on CENTOS to limit internet access but I'm unable to configure LAN and WAN. We have got one router in the network with 192.168.1.1 as default gateway. I installed squid successfully but unable to configure it in client systems as I'm unable to configure LAN and WAN ips in CentOS.
Please suggest me correct configuration of LAN and WAN for my network. We don't have any static IP with us. What series of IPs do I have to configure in Linux server? After that, what would be my Proxy IP?

I have basic knowledge about Linux...

Please suggest me Conf file accordlingly.

Reverse Nat Ssh Tunnel - Open More That One Port?

I will be setting up a few raspberry pi's in various locations, and they will be creating reverse nat ssh tunnels to my ssh server.

I need to set up a monitoring server at the server's location to monitor the raspberry pi's through the ssh server. The monitoring agent that will be installed on the raspberry pi's is communicating with the monitoring server on port 4700.

My question is:

Since I am using reverse nat ssh tunnels to connect on the ssh server, I am guessing that port 4700 will not be opened. If this is true, is there a way to also open port 4700 in that tunnel, so the monitoring server can access the remote agent?

Thanks

Trouble Configuring Vsftp

Using a Raspberry Pi w/ Debian

Read the manual and several "how-to"s and am getting nowhere

vsftp is running and making a log file. I can get to the Pi with putty or SAMBA

Ultimately want to be able to both(I) ftp in under the "pi" user to access files remotely and (II) have people sending me huge files ftp them in anonymously

Have tried (I) the ftp client in Windows 7 Internet explorer 11, (ii) the ftp client in the Windows 7 "map network drive" UI, and (iii) ES file explorer on my Android phone.

The android phone tells me there is no server there. Windows 7 gets no password challenge, gives no error indication, but does nothing useful. The vsftpd log file shows some attempt by the Windows machine, nothing for the Android.

Config file and log file attached.

The Android is trying to use port 21, the config file mentions something about port 20. Which ports do I need to forward in my router to enable remote access?

Any help appreciated.

Thanks. Jonathan