[squid-users] HTTPS site filtering

roadrage27 alex.tate at gmail.com
Fri Jan 20 16:52:00 UTC 2017


I was able to resolve my issue partially.  I burned down the server and
rebuilt it clean so all previous changes that were made attempting to make
SSL work were gone.  Once i reloaded squid and the config files i was able
to allow SSL traffic using the dstdomain acl type.  I currently have a few
URLS that are regex type that need to be allowed so im currently cranking
out those.

On Fri, Jan 20, 2017 at 8:36 AM roadrage27 [via Squid Web Proxy Cache] <
ml-node+s1019090n4681219h44 at n4.nabble.com> wrote:

> >That tells me either you have screwed up the CONNECT ACL definition. Or
> >the SSL_ports one.
> Very possible as im pretty green on squid, my current conf file is below.
>  with that conf the SSL sites just sit and spin until the eventually time
> out.
>
> acl site_squid_art url_regex ^http://www.squid-cache.org/Artwork
> acl keepgoing dstdomain .plateau.com .skillwsa.com .successfactors.com
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow keepgoing
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #http_access allow CONNECT SSL_ports
> http_access allow localhost manager
> http_access allow site_squid_art
> http_access allow localhost
>
>
> http_port 3132
>
>
> access_log /var/log/squid3/squid3132.log squid
>
> pid_filename /var/run/squid3132.pid
> coredump_dir /var/spool/squid3
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
> #refresh_pattern . 0 20% 4320
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681219.html
> To unsubscribe from HTTPS site filtering, click here
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4681198&code=YWxleC50YXRlQGdtYWlsLmNvbXw0NjgxMTk4fDIwMjU4MDQxMw==>
> .
> NAML
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681224.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list