[squid-users] Squid 4.0.10 https intercept

Amos Jeffries squid3 at treenet.co.nz
Wed May 11 11:43:52 UTC 2016

On 11/05/2016 6:35 p.m., Компания АйТи Крауд wrote:
> hi!
> I use squid 4.0.10 in INTERCEPT mode. If I deny some users
> (ip-addresses) with
> acl users_no_inet src "/etc/squid/ip-groups/no-inet"
> http_access deny users_no_inet
> ERR_ACCESS_DENIED is displayed then go to HTTP. If go to HTTPS then
> first I see browser's NET::ERR_CERT_AUTHORITY_INVALID, and then click
> "unsecure" see ERR_ACCESS_DENIED.
> How to make that right display ERR_ACCESS_DENIED on HTTPS for deny user
> in Squid 4.0 ?

What you describe above is correct behaviour. The browser does not trust
your proxy's CA.

The only way to get around the browser warning about TLS security issue
is to install the CA used by the proxy into the browser trusted CA set.


More information about the squid-users mailing list