Interface access blocked- Access Denied

Interface access blocked- Access Denied

Issues

You may get locked out yourselves whenever you are trying to create policies in the Access Restrictions section of SafeSquid.
You suddenly get messages as Access Denied on browser

Root Causes

SafeSquid actually evaluates entries in the Access Restrictions one by one from top-down order matching each entry with the connection. Once an entry with an IP address or the user name matches a connection, the following entries will not be evaluated against that connection.
So, once you are trying to create an entry in the Access Restrictions, always make sure that there is at least one entry which is going to allow you to access the web interface (http://safesquid.cfg/). This in other words means that there must be an entry that matches your connections and has Web interface (Config) selected from the Access field.
Example:
Consider a scenario wherein you have three entries in Allow list of Access Restrictions section
The first one is to access the web interface via SSH tunnel.
The second one is to allow the AUTHENTICATION BYPASS profile
The third one is the entry through which you're accessing the internet.
You have created another entry in which you have removed the Web interface in the Access field and added it. The entry is added as fourth one and you have moved it to 3rd by clicking on move up. Now the third entry matches your connections (since first is for SSH tunnels and second is for AUTHENTICATION BYPASS profile) in which you have disabled the Web interface. So, you will be locked out and given a template Access Denied.
To avoid this kind of situation, you always need to maintain an entry that allows you to access the Web interface.

Troubleshooting

You have a couple of options to get of this situation.
If you have a possibility to restart the SafeSquid service, just do a restart. Check this Link for restarting SafeSquid from the terminal (Linux box).
If you do not have a choice to restart the service, take an SSH tunnel and access the interface and correct the entries. Check this Link to access the Web interface by taking an SSH tunnel.




    • Related Articles

    • Website blocked with Text analyzer

      Issue Website is blocked due to text analyzer Solution You need to add this website to the white list category by using custom categories refer the below link How to allow specific website though category Access the SafeSquid interface Go to ...

    • White listed website is blocked

      Issues The company policy is all the websites which are comes under social network category are blocked for all the employees but company wants to whitelist few social networking websites. We add those websites in whitelist category but still while ...

    • Unblock the blocked website

      Overview Some of the websites are blocked due to the entries created in SafeSquid configuration. We don't know which security filter is reason for blocking. We need to identify the filter and based on that create the new entry to allow the blocked ...

    • Restart the SafeSquid Service from Interface

      Overview Restart your SafeSquid service without access to the Server Prerequisites Make sure that Monit service is running on your SafeSquid service. Check for monit service: pidof monit if you did not find pid of monit then start the monit - ...

    • Using SSH Tunnels to Access the SafeSquid Admin Interface

      SSH tunnelling, or SSH port forwarding, is a method of transporting arbitrary data over an encrypted SSH connection. SSH tunnels allow connections made to a local port (that is, to a port on your own desktop) to be forwarded to a remote machine via a ...