Bug#763839: debian-edu-config: Incorrect squid3 configuration block all local clients from using it

To: submit@bugs.debian.org
Subject: Bug#763839: debian-edu-config: Incorrect squid3 configuration block all local clients from using it
From: Petter Reinholdtsen <pere@hungry.com>
Date: Fri, 03 Oct 2014 06:46:21 +0200
Message-id: <[🔎] 2flsij569r6.fsf@diskless.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 763839@bugs.debian.org

Package: debian-edu-config
Version: 1.806
Severity: important

After we switched from squid to squid3, the default setup for squid is
no longer being adjusted to allow clients on the local network to use
the squid proxy.  The cfengine rule to update squid.conf no longer work.

I believe this change need to be done to squid.conf to get a squid3
setup that work for us.  We need to update our cfengine rules or figure
out another way to do it.

diff --git a/squid3/squid.conf b/squid3/squid.conf
index e7005a8..256748e 100644
--- a/squid3/squid.conf
+++ b/squid3/squid.conf
@@ -898,11 +898,11 @@
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-#acl localnet src 10.0.0.0/8   # RFC1918 possible internal network
-#acl localnet src 172.16.0.0/12        # RFC1918 possible internal network
-#acl localnet src 192.168.0.0/16       # RFC1918 possible internal network
-#acl localnet src fc00::/7       # RFC 4193 local private network range
-#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 
 acl SSL_ports port 443
 acl Safe_ports port 80         # http
@@ -1053,7 +1053,7 @@ http_access deny manager
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
 http_access allow localhost
 
 # And finally deny all other access to this proxy
@@ -1123,8 +1123,8 @@ http_access deny all
 #      See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 #
 ## Allow HTCP queries from local networks only
-##htcp_access allow localnet
-##htcp_access deny all
+htcp_access allow localnet
+htcp_access deny all
 #Default:
 # Deny, unless rules exist in squid.conf.
 
-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: Bug#763839: debian-edu-config: Incorrect squid3 configuration block all local clients from using it
  - From: Wolfgang Schweer <wschweer@arcor.de>
- Bug#763839: marked as done (debian-edu-config: Incorrect squid3 configuration block all local clients from using it)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Switch to more default exim setup for Jessie?
Next by Date: Re: ldap2zone: will some time generate invalid DNS host name entries
Previous by thread: Re: Switch to more default exim setup for Jessie?
Next by thread: Re: Bug#763839: debian-edu-config: Incorrect squid3 configuration block all local clients from using it
Index(es):
- Date
- Thread