Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: tropicalview on August 18, 2007, 07:15:38 PM
-
Dear all,
I like to whitelist this url in dansguardian:
https://xxx.xxxxxxx.xxx:32001/mail/ (now it's solved i masked out the address. i'm sorry security reasons.)
how can i do that.
i tried to put in into:
exceptionsitelist
exceptionurllist
but did not work (yes i did restart dansguardian)
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: mail.luzac.nl:32001
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is admin@abeltasmancur.com.
--------------------------------------------------------------------------------
Generated Sat, 18 Aug 2007 19:42:58 GMT by studenten-srv.abeltasmancur.com (squid/2.5.STABLE14)
-
The problem is that it's an unusual port, so squid isn't allowing you.
You need to edit:
nano /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_portsadd the desired port, 32001 in your case, then:
expand-template /etc/squid/squid.conf
svc -t /service/squid
now it should work.
-
stuntshell
That's bad advice to edit existing templates
The sme best practice is to create custom templates ie make a copy of the original template fragment(s) and edit that instead.
That way if your server gets corrupted by your own doings, you can delete any custom templates and revert your system to default settings (which are in the templates/db)
Note also the latest correct way to restart services in sme 7.2 (sv not svc)
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports
nano /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports
add the desired port, 32001 in your case, then:
expand-template /etc/squid/squid.conf
sv t /service/squid
-
there we go,
Thanks Ray for correcting me!
-
Hi,
Thanks for the responce.
i tried this, but it did not work.
the contents of the file:
/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports
is now:
acl SSL_ports port 443 563 32001
DId i made the change to the file correct?
-
the contents of the file:
/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports
Is this after you expanded the template and restarted squid?
-
Yes, i even restarted the whole machine.
But still it's not accessable.
Some strange thing i noticed was this:
[root@studenten-srv lists]# /etc/init.d/squid restart
Stopping squid: [ OK ]
Starting squid: [FAILED]
What can i try furter? and do you need information from log files??? if yes, what log file? i will send it to you without any problems.
-
tropicalview
> /etc/init.d/squid restart
That command is deprecated in many/most cases.
It's better/correct in sme7.2 to use
sv t /service/squid
as advised earlier in this post.
-
sv t /service/squid to restart squid.
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports
nano /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15SSL_ports
should look like (mine at least):
acl SSL_ports port 81 443 444 563 32001
expand-template /etc/squid/squid.conf
sv t /service/squid
That's exactly what's needed to get it working.
On your first thread you removed the IP but left the hostname, so I was able to test it.
You need to accept the Certificate.
-
Hi stuntshell,
I tried everything again, and now indeed it works.
What was wrong the fist time is unknown for me.
THe important thing is, it works.
Thanks for the great help and I will do an aditional donation to the SME community.
THANKS ALL>