Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: OzMoosis on March 07, 2007, 02:39:20 PM

Title: Access https via port 543
Post by: OzMoosis on March 07, 2007, 02:39:20 PM

Hi,

Since the update to SME 7.1.2 I have encountered this problem:

In 2 different locations I have 2 SME servers, one acts as gateway, the other is server-only. At the server-only location I have port 543 routed (through the ADSL modem there) to port 443 on the SME server. When I now try to access the server-manager at that location (https://www.xxx.com:543/server-manager) I get this error:

Access Denied.
Access control configuration prevents your request from being allowed at this time.

I have it set up like this beacause there are multiple HTTPS sites at the location in question.

Am I right in thinking that this is a Squid-thing, and if so how can I change the configuration to allow access through port 543?

Thanks,

Oz

(Sorry, put this in wrong forum...)

Title: Access https via port 543
Post by: bpivk on March 07, 2007, 04:22:01 PM

This should work (i have found this using the search function). :)

Try this. Edit you /etc/squid/squid.conf file. On the acl SSL_ports line add 5443. Then do a
/etc/rc.d/rc7.d/S90squid restart

Try your connection. If it doesn't work, then try the same edit but on the acl Safe_ports line, and restart squid.

If one of the above options work, then go to
/etc/e-smith/templates/etc/squid/squid.conf and either edit 20ACL15SSL_ports or 20ACL15Safe_ports depending on which worked above.

Then do a /sbin/signal-event/expand-template
/etc/squid/squid.conf, then restart squid again and you will be in business.

If you'd rather use a templates-customer template you could do that as well. mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf. Then copy one of the 2 20ACL files from above to this directory, make your changes, expand template, and restart squid.[/quote]

Title: Access https via port 543
Post by: OzMoosis on March 07, 2007, 05:23:19 PM

Thanks, bpivk,

worked perfectly! And good find by the way, I hadn't found this answer!!

Oz

Title: Access https via port 543
Post by: mrjhb3 on March 08, 2007, 12:00:14 AM

I've had to do the same thing recentry for some SSL_ports.  What would be better is if someone opened a NFR to have a SSLPorts DB entry added for squid.  The SafePorts are already there, so it shouldn't take much to add the SSLPorts

config show squid
squid=service
    EnforceSafePorts=no
    SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
    TCPPort=3128
    TCPProxyPort=80:3128
    TransparentPort=3128
    access=private
    status=enabled


That way users could do - config setprop squid SSLPorts 443,10000 ; signal-event remoteaccess-update.

I may try to open the request myself in the next few days.

John