[squid-users] Help with UA filtering in https connections

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jan 2 14:08:15 UTC 2018

On 02.01.18 06:04, squidnoob wrote:
>In my existing config, i have:
># delay filtering decisions until we get to bumped requests
>http_access allow CONNECT safe_ports
>http_access deny CONNECT
>I understand adding this line that you suggested as it's not already there.
>http_access deny !safe_ports
>However, i don't understand why i would need to add this (http_access deny
>CONNECT !SSL_Ports ) given the two lines above in the existing config. I'm
>probably just misunderstanding how this works.

the two lines above unconditionally allow CONNECT anywhere, you can't deny
it further because no further checking is done.

when using:

http_access deny CONNECT !SSL_ports 

you deny CONNECT request to non-SSL ports and can deny them further.

Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 

More information about the squid-users mailing list