[squid-users] Squid 3.5.15 - ERR_CONNECTION_REFUSED while accessing blocked non-HTTPS pages.

Irakli Gobejishvili irakli.gobejishvili at gmail.com
Wed Apr 12 14:24:31 UTC 2017


Hello everyone.

I am successfully filtering HTTPS traffic with an intercept/PBR setup, and
users get my custom ERR_ACCESS_DENIED page from Squid. Permitted pages
(both HTTP/HTTPS) also work absolutely fine.

The problem is that when users try to access a filtered page with an HTTP
request, they get ERR_CONNECTION_REFUSED in their browsers instead of seeing
that custom deny page, and I see nothing in access.log, as if Squid never
even got the request. If I remove that domain from the deny ACL or access it
via HTTPS, then it works fine and can be seen in access.log. What can I do
to fix this?


Relevant fragment from configuration:

acl CONNECT method CONNECT
reply_header_access Alternate-Protocol deny all

ssl_bump stare all
ssl_bump bump all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

acl BADSITES ssl::server_name "/etc/squid/BADSITES"
acl USERS src 10.10.80.0/24

http_access deny BADSITES USERS
http_access allow USERS

http_port 3128
https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl_cert/CA.pem