[squid-users] Error_directory to https not work
Amos Jeffries
squid3 at treenet.co.nz
Thu Aug 23 04:36:45 UTC 2018
On 23/08/18 11:13 AM, Rodrigo Cunha wrote:
> Dears,
> My squid_http work fine and deny request to https too. But when i
> request https(secure port 443) links deny in file (black_list) my squid
> not report error_directory files, when i send request to http(insecure
> port 80) domain the squid report with error_directory.
>
> What a happen with my squid?Follow my squid.conf.
>
Nothing particular happened.
HTTPS is sent differently through proxies. Using CONNECT requests with
encrypted content. More details on that can be found at
<https://wiki.squid-cache.org/Features/HTTPS>.
Browsers in particular refuse to display error messages sent in response
to CONNECT requests. I think you will find the Squid does send the error
page but the Browser is refusing to display it.
The only thing you can do about this sad situation is use SSL-Bump
feature on the encrypted traffic so Squid can send the error message
within an encrypted response - which the Browser does display *if* it
trusts the proxy TLS certificate used by SSL-Bump.
Please be aware:
SSL-Bump feature is sometimes forbidden or restricted-use by law. So
please get proper legal advice before using it. Anyone helping you setup
the feature will be assuming that you have done that due diligence check.
HTH
Amos
More information about the squid-users
mailing list