Lab: Configure SSH servers and clients and restrict access to the HTTP proxy server


I would like to ask what does “enable back password logins” refer to in question 11?

Furthermore, why does line ‘http_access deny facebook’ has to be placed
below line ‘http_access allow localhost’? Shouldn’t deny lines be placed before allow lines?

Lastly, upon completing all the labs, I noticed squid couldn’t start with: sudo systemctl start squid.service

I have attached the error I received from sudo systemctl status squid.service, in the following screenshots. Thank you.

Lab: Linux Certified System Administrator Training Course (LFCS) | KodeKloud

Hello again!

enable back password logins ought to say re-enable password logins. It’s basically undoing a step you did earlier.

As for restarting squid, I’ll point that out internally. Looks like all the config changes result in an invalid state.


I see. Regarding my second question: why does line ‘ http_access deny facebook ’ has to be placed below line ‘ http_access allow localhost ’? If am not mistaken the relevant video indicates that deny lines should be placed before allow lines in order to be evaluated first regarding ACL rules. Can you please explain?

Squid works by finding the first matching ACL rule that it encounters (from top to bottom) and uses the specified action (allow/deny) and then no other ACLs are tested, so squid will deny access to Facebook and then allow access to localhost and apply other rules in order,
but if you have an ACL rule that allows access to Facebook before the mentioned rule
http_access deny facebook, it will be matched and the search terminates as soon as one of the rules is a match


I defined the following ACL: ''acl facebook dstdomain" in the beginning of the configuration file and placed the line: ‘http_access deny facebook’, directly below it.

Then I proceeded to configure Firefox to use the relevant proxy details:

And finally checked the log file at: /var/log/squid/access.log

Access to is denied. Furthermore, upon typing the address on Firefox I noticed the site was indeed blocked.

I still don’t understand why I should place http_access deny facebook line, after http_access allow localhost line.

Hello again!

The lab team are looking into this lab, as it does have a few issues that you have noted in other posts. Suggest you move on and come back to this when it has reworked.

Hello @Alistair_KodeKloud,

Is there any update regarding the above mentioned issues? Thank you.

I think the main issue has to do with: http_access allow external, which was never defined as an ACL as per lab instructions, but we’re instructed to allow connections from it.