Bug#763839: debian-edu-config: Incorrect squid3 configuration block all local clients from using it
Package: debian-edu-config
Version: 1.806
Severity: important
After we switched from squid to squid3, the default setup for squid is
no longer being adjusted to allow clients on the local network to use
the squid proxy. The cfengine rule to update squid.conf no longer work.
I believe this change need to be done to squid.conf to get a squid3
setup that work for us. We need to update our cfengine rules or figure
out another way to do it.
diff --git a/squid3/squid.conf b/squid3/squid.conf
index e7005a8..256748e 100644
--- a/squid3/squid.conf
+++ b/squid3/squid.conf
@@ -898,11 +898,11 @@
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
-#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-#acl localnet src fc00::/7 # RFC 4193 local private network range
-#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
@@ -1053,7 +1053,7 @@ http_access deny manager
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
@@ -1123,8 +1123,8 @@ http_access deny all
# See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
#
## Allow HTCP queries from local networks only
-##htcp_access allow localnet
-##htcp_access deny all
+htcp_access allow localnet
+htcp_access deny all
#Default:
# Deny, unless rules exist in squid.conf.
--
Happy hacking
Petter Reinholdtsen
Reply to: