Guest patrickp
Posted December 30, 2005 (edited)

Hello,

I get an ERR_ACCESS_DENIED from my browser when I try to access a web application that needs to have port 5000 open.

I have a firewall with Mandrake 10.1, squid and shorewall.

My network installation:
Router Linksys - switch DMZ - Mandrake FW - switch Intranet - Windows client

Many thanks for your help
Patrick

Here is the Ethereal trace from the Windows client:

CONNECT www.xxx.yy:5000 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.xxx.yy:5000
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache

HTTP/1.0 403 Forbidden
Server: squid/2.5.STABLE6
Mime-Version: 1.0
Date: Fri, 30 Dec 2005 10:17:34 GMT
Content-Type: text/html
Content-Length: 1043
Expires: Fri, 30 Dec 2005 10:17:34 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from myfirewall@mydomain.com
Proxy-Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE type="text/css"></STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to retrieve the URL:
<A HREF="www.xxx.yy:5000">www.xxx.yy:5000</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Access Denied.
</STRONG>
<P>
Access control configuration prevents your request from
being allowed at this time. Please contact your service provider if
you feel this is incorrect.
</UL>
<P>Your cache administrator is <A HREF="rootmailto:root">root</A>.
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated Fri, 30 Dec 2005 10:17:34 GMT by myfirewall@mydomain.com (squid/2.5.STABLE6)
</ADDRESS>
</BODY></HTML>

Edited January 6, 2006 by patrickp

Guest patrickp
Posted December 31, 2005 (edited)

The solution is to add port 5000 in /etc/squid/squid.conf:

acl SSL_ports port 443 563 5000

Patrick

Edited January 6, 2006 by patrickp

ianw1974
Posted December 31, 2005

I was just going to say create an acl in the squid.conf to allow the port :P

However, adding to the SSL_ports section is OK, but it means everyone gets access to it. You can restrict even further, so that only a single IP address, or multiple IP addresses, can access this port! Just in case you don't want the whole network to have access.
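
One way to apply the restriction ianw1974 describes, as an added example that is not part of the original posts: port 5000 stays in SSL_ports, and CONNECT to it is denied for any client not explicitly listed. The ACL names app_port and app_clients and the two addresses are placeholders chosen for illustration.

```conf
# /etc/squid/squid.conf (added example; ACL names and addresses are placeholders)

# Fix from the thread: CONNECT to port 5000 is now permitted for every
# client that the later http_access rules allow.
acl SSL_ports port 443 563 5000
acl CONNECT method CONNECT

# Tighter variant: name the port and the clients that may use it.
acl app_port port 5000
acl app_clients src 192.168.1.10 192.168.1.11

# http_access rules are checked top to bottom and the first match decides,
# so this deny must sit above any "http_access allow" line for the intranet.
# ACLs on one line are ANDed: CONNECT, to port 5000, from a client not listed.
http_access deny CONNECT app_port !app_clients

# Stock rule: refuse CONNECT to any port outside SSL_ports.
http_access deny CONNECT !SSL_ports
```

Apply the change with `squid -k reconfigure`; a client outside app_clients should then receive the same 403 with X-Squid-Error: ERR_ACCESS_DENIED shown in the trace above.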