Koozali.org: home of the SME Server

whitelist url with https and port number.

Offline tropicalview

whitelist url with https and port number.
« on: August 18, 2007, 07:15:38 PM »
Dear all,


I'd like to whitelist this URL in dansguardian:

https://xxx.xxxxxxx.xxx:32001/mail/ (Now that it's solved I masked out the address. I'm sorry, security reasons.)

How can I do that?
I tried to put it into:

 exceptionsitelist
 exceptionurllist

but it did not work (yes, I did restart dansguardian).


Code:
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: mail.luzac.nl:32001

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is admin@abeltasmancur.com.



--------------------------------------------------------------------------------

Generated Sat, 18 Aug 2007 19:42:58 GMT by studenten-srv.abeltasmancur.com (squid/2.5.STABLE14)
« Last Edit: August 19, 2007, 10:43:39 PM by tropicalview »
The sky is not the limit, But when I reach the sky, for sure I will not try to go to the limit.... (donated $25,- upto now)

Offline Franco

Re: whitelist url with https and port number.
« Reply #1 on: August 18, 2007, 11:15:11 PM »
The problem is that it's an unusual port, so squid isn't allowing you.
You need to edit:
Code:
nano /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports

add the desired port, 32001 in your case, then:
Code:
expand-template /etc/squid/squid.conf
svc -t /service/squid

now it should work.

Offline raem

Re: whitelist url with https and port number.
« Reply #2 on: August 19, 2007, 02:49:53 AM »
stuntshell


That's bad advice to edit existing templates.

The sme best practice is to create custom templates, i.e. make a copy of the original template fragment(s) and edit that instead.
That way if your server gets corrupted by your own doings, you can delete any custom templates and revert your system to default settings (which are in the templates/db).
Note also the latest correct way to restart services in sme 7.2 (sv not svc).

Code:
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports
nano /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports

add the desired port, 32001 in your case, then:

Code:
expand-template /etc/squid/squid.conf
sv t /service/squid
...

Offline Franco

Re: whitelist url with https and port number.
« Reply #3 on: August 19, 2007, 03:52:01 AM »
there we go,
Thanks Ray for correcting me!

Offline tropicalview

Re: whitelist url with https and port number.
« Reply #4 on: August 20, 2007, 04:16:02 PM »
Hi,

Thanks for the response.

I tried this, but it did not work.

The contents of the file:
/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports

is now:
Code:
acl SSL_ports port 443 563 32001

Did I make the change to the file correctly?

Offline Franco

Re: whitelist url with https and port number.
« Reply #5 on: August 21, 2007, 04:44:53 AM »
Quote
the contents of the file:
/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports
Is this after you expanded the template and restarted squid?


Offline tropicalview

Re: whitelist url with https and port number.
« Reply #6 on: August 21, 2007, 04:57:18 AM »
Yes, I even restarted the whole machine.

But still it's not accessible.

One strange thing I noticed was this:

Code:
[root@studenten-srv lists]# /etc/init.d/squid restart
Stopping squid:                                            [  OK  ]
Starting squid:                                            [FAILED]

What can I try further? And do you need information from log files? If yes, what log file? I will send it to you without any problems.

Offline raem

Re: whitelist url with https and port number.
« Reply #7 on: August 21, 2007, 05:03:55 AM »
tropicalview

> /etc/init.d/squid restart     

That command is deprecated in many/most cases.
It's better/correct in sme7.2 to use
sv t /service/squid

as advised earlier in this post.
...

Offline Franco

Re: whitelist url with https and port number.
« Reply #8 on: August 21, 2007, 05:17:24 AM »
Code:
sv t /service/squid

to restart squid.

Code:
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports
nano /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports

should look like (mine at least):
Code:
acl SSL_ports port 81 443 444 563 32001

Code:
expand-template /etc/squid/squid.conf
sv t /service/squid

That's exactly what's needed to get it working.
On your first thread you removed the IP but left the hostname, so I was able to test it.
You need to accept the Certificate.
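
A check for the symptom discussed in this thread, as an added example that is not part of any poster's message: it reads a squid.conf and reports whether a port is covered by the SSL_ports ACL, which the replies above identify as what blocks the request. The sample configuration is constructed, and the deny rule in it is assumed to be the stock Squid one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that a port really made it into the expanded config.
# On the server: connect_allowed 32001 < /etc/squid/squid.conf

# Constructed sample config, not copied from the thread's server.
SAMPLE_CONF='acl SSL_ports port 443 563
acl SSL_ports port 8000-8010
acl Safe_ports port 80 21 443 32001
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports'

# ssl_ports: read squid.conf on stdin, print each port or range in SSL_ports.
ssl_ports() {
    awk '$1 == "acl" && $2 == "SSL_ports" && $3 == "port" {
        for (i = 4; i <= NF; i++)
            if ($i ~ /^[0-9]+(-[0-9]+)?$/) print $i
    }'
}

# connect_allowed PORT: exit 0 if PORT matches an SSL_ports entry, else 1.
connect_allowed() {
    ssl_ports | awk -v p="$1" '
        {
            n = split($0, r, "-")
            lo = r[1] + 0
            hi = (n == 2) ? r[2] + 0 : lo
            if (p + 0 >= lo && p + 0 <= hi) found = 1
        }
        END { exit !found }'
}

for p in 443 8005 32001; do
    if printf '%s\n' "$SAMPLE_CONF" | connect_allowed "$p"; then
        echo "port $p: listed in SSL_ports"
    else
        echo "port $p: not in SSL_ports, CONNECT is refused by the deny rule"
    fi
done
```

In the sample, 32001 appears only under Safe_ports, so it is still reported as missing: the port has to be on an SSL_ports line, as in the fragment edited above.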

Offline tropicalview

Re: whitelist url with https and port number.
« Reply #9 on: August 21, 2007, 07:12:00 PM »
Hi stuntshell,

I tried everything again, and now indeed it works.
What was wrong the first time is unknown to me.

The important thing is, it works.

Thanks for the great help and I will make an additional donation to the SME community.

THANKS ALL