Interface Access Blocked- Access Denied

Interface Access Blocked- Access Denied

Issue

You may get locked out yourselves whenever you are trying to create policies in the Access Restrictions section of SafeSquid.
You suddenly get messages as Access Denied on the browser.

Root Cause

SafeSquid actually evaluates entries in the Access Restrictions one by one from top-down order matching each entry with the connection. Once an entry with an IP address or the user name matches a connection, the following entries will not be evaluated against that connection.
So, once you are trying to create an entry in the Access Restrictions, always make sure that there is at least one entry that is going to allow you to access the web interface (http://safesquid.cfg/). This in other words means that there must be an entry that matches your connections and has Web interface (Config) selected from the Access field.

Example

Consider a scenario wherein you have three entries in the Allow List of Access Restrictions section.
The first one is to access the web interface via SSH tunnel.
The second one is to allow the AUTHENTICATION BYPASS profile.
The third one is the entry through which you're accessing the internet.
You have created another entry in which you have removed the Web interface in the Access field and added it. The entry is added as the fourth one and you have moved it to 3rd by clicking on move up. Now the third entry matches your connections (since the first is for SSH tunnels and the second is for the AUTHENTICATION BYPASS profile) in which you have disabled the Web interface. So, you will be locked out and given a template Access Denied.
To avoid this kind of situation, you always need to maintain an entry that allows you to access the Web interface.

Troubleshooting

You have a couple of options to get out of this situation.
If you can restart the SafeSquid service, just do a restart. Check this Link for restarting SafeSquid from the terminal (Linux box).
If you do not have a choice to restart the service, take an SSH tunnel access the interface and correct the entries. Check this Link to access the Web interface by taking an SSH tunnel.




    • Related Articles

    • Whitelisted Website Blocked

      Issues The company policy is all the websites that come under the social network category are blocked for all employees, but the company wants to whitelist a few social networking websites. We add those websites to the whitelist category but still ...

    • Website blocked with Text analyzer

      Issue The website is blocked due to the text analyzer. Solution You must add this website to the white list category using custom categories. Here are the steps: Refer to the link: How to allow specific websites through category. Access the SafeSquid ...

    • Unblock the blocked website

      Overview Some of the websites are blocked due to the entries created in the SafeSquid configuration. We don't know which security filter is the reason for blocking. We need to identify the filter and based on that create the new entry to allow the ...

    • Restart the SafeSquid Service from Interface

      Overview Restart your SafeSquid service without access to the Server. Prerequisites Make sure that the Monit service is running on your SafeSquid service. Check for monit service: pidof monit if you did not find the pid of monit then start the monit ...

    • Using SSH Tunnels to Access the SafeSquid Admin Interface

      SSH tunnelling, or SSH port forwarding, is a method of transporting arbitrary data over an encrypted SSH connection. SSH tunnels allow connections made to a local port (that is, to a port on your desktop) to be forwarded to a remote machine via a ...