[squid-users] Squid and SSL Bump

Yoinier Hernandez Nieves yoinier.hn at gmail.com
Fri Jan 12 13:00:40 UTC 2018 

A non-text attachment was scrubbed...
Name: squid.conf
Type: application/octet-stream
Size: 13414 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180112/aeb1b6b0/attachment.obj>
-------------- next part --------------

The user ynieves is member of ad groups “internet”, “socialNetwork”, “youtube” and “moderadoresSocNet"

Thanks.

Yoinier Hernandez Nieves.

> El 11/01/2018, a las 10:47 a.m., Amos Jeffries <squid3 at treenet.co.nz> escribió:
> 
> On 12/01/18 03:24, Yoinier Hernandez Nieves wrote:
>>> El 11/01/2018, a las 12:46 a.m., Amos Jeffries escribió:
>>> 
>>> On 11/01/18 09:33, Yoinier Hernandez Nieves wrote:
>>>> I try connect direct to the proxy, and this is the result
>>>> 1515616366.189   1359 aaa.aaa.aaa.aaa TAG_NONE/200 0 CONNECT www.ssllabs.com:443 <http://www.ssllabs.com:443> ynieves HIER_DIRECT/64.41.200.100 -
>>>> 1515616366.207      0 aaa.aaa.aaa.aaa TCP_DENIED/403 4419 GET https://www.ssllabs.com/ssltest/viewMyClient.html ynieves HIER_NONE/- text/html
>>>> 1515616366.244      0 aaa.aaa.aaa.aaa TAG_NONE/503 4914 GET http://artemisa.conalza.co.cu:3128/squid-internal-static/icons/SN.png ynieves HIER_DIRECT/64.41.200.100 text/html
>>>> How I can fix this.??
>>> 
>>> 
>>> What exactly do you think needs "fixing” ?
>> I need fix the problem with the auth failure.
>> Hi say:
>> Sorry, you are not currently allowed to request https://www.google.com/search? from this cache until you have authenticated yourself.
>> But I stay authenticated, see the log, user, ynieves.
> 
> Then something in your squid.conf is forbidding username ynieves access to use the proxy and defining that other username might be allowed. But it provides that info far too late to re-authenticate the already finished CONNECT message with usable credentials.
> 
> Please post *all* of your squid.conf settings so we can look in places you might not have expected to find auth relationships. Just exclude empty lines and # comments.
> 
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list