Jump to content

ERR_ACCESS_DENIED


Guest patrickp
 Share

Recommended Posts

Guest patrickp

Hello,

 

I got an ERR_ACCESS_DENIED from my browser when I try to access a web application who needs to have the port 5000 open. I have a firewall with Mandrake 10.1, squid and shorewall.

My network installation : Router Linksys - switch DMZ - Mandrake FW - switch Intranet - Windows client

 

Many thanks for your help

Patrick

 

Here is the Ethereal trace from the windows client :

CONNECT www.xxx.yy:5000 HTTP/1.0

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Host: www.xxx.yy:5000

Content-Length: 0

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.0 403 Forbidden

Server: squid/2.5.STABLE6

Mime-Version: 1.0

Date: Fri, 30 Dec 2005 10:17:34 GMT

Content-Type: text/html

Content-Length: 1043

Expires: Fri, 30 Dec 2005 10:17:34 GMT

X-Squid-Error: ERR_ACCESS_DENIED 0

X-Cache: MISS from myfirewall@mydomain.com

Proxy-Connection: keep-alive

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;

charset=iso-8859-1">

<TITLE>ERROR: The requested URL could not be retrieved</TITLE>

<STYLE

type="text/css"></STYLE>

</HEAD><BODY>

<H1>ERROR</H1>

<H2>The requested URL could not be retrieved</H2>

<HR noshade size="1px">

<P>

While trying to retrieve the URL:

<A HREF="www.xxx.yy:5000">www.xxx.yy:5000</A>

<P>

The following error was encountered:

<UL>

<LI>

<STRONG>

Access Denied.

</STRONG>

<P>

Access control configuration prevents your request from

being allowed at this time. Please contact your service provider if

you feel this is incorrect.

</UL>

<P>Your cache administrator is <A HREF="rootmailto:root">root</A>.

 

<BR clear="all">

<HR noshade size="1px">

<ADDRESS>

Generated Fri, 30 Dec 2005 10:17:34 GMT by myfirewall@mydomain.com

(squid/2.5.STABLE6)

</ADDRESS>

</BODY></HTML>

Edited by patrickp
Link to comment
Share on other sites

I was just going to say create an acl in the squid.conf to allow the port :P

 

However, adding to the SSL_Port section is OK, but it means everyone gets access to it.

 

You can restrict even further, so that only a single IP address, or multiple IP addresses can only access this port! Just in case you don't want the whole network to have access.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...