Squid 3.1.20 pkg 2.0.6 - custom option question



  • I've got squid 3.1.20 with squidGuard-squid3 1.4_4 pkg v.1.9.5 running happily. Today I tried to set up a utorrent download and it fails repeatedly with messages like:

    TCP_DENIED/403 some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port

    So I tried to set some custom squid.conf options like this:

    _acl utorrent src the_rfc_1918_address_utorrent_is_using/24
    acl utorrent_port port utorrent's_port
    acl CONNECT method CONNECT

    http_access allow CONNECT utorrent_

    And it still fails with the same message. So I went to my squid.conf and it seems the custom options are put right down the bottom, but earlier in the file there is:

    http_access deny CONNECT !sslports

    which I'm guessing matches well before my allow line and therefore utorrent is blocked. I'm a squid.conf noob so go easy, but is there something I'm missing, to allow utorrent past?



  • Add the ports you need as ssl ports and save config.
    IIRC, it's on access lilst tab.



  • Thanks marcelloc. Doing that at least changed the error message to:

    TCP_MISS/503 0 CONNECT some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port - DIRECT/some_rfc_1918_address_but_not_in_my_local_net

    Maybe it's something to do with the CONNECT method? Where I'd normally expect the GET method?



  • @Legion:

    Thanks marcelloc. Doing that at least changed the error message to:

    TCP_MISS/503 0 CONNECT some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port - DIRECT/some_rfc_1918_address_but_not_in_my_local_net

    Maybe it's something to do with the CONNECT method? Where I'd normally expect the GET method?

    This torrent maybe trying to connect via ssl, that's why you only see CONNECT on logs