[squid-users] domain in whitelist being denied
Erick Perez - Quadrian Enterprises
eperez at quadrianweb.com
Wed Apr 10 21:56:48 UTC 2019
Alex, it worked perfectly.
removing the previous 8441 acl and the adding
acl SSL_ports port 8441
then a squid reload, all good to go!.
thanks.
---------------------
Erick Perez
Soluciones Tacticas Pasivas/Activas de Inteligencia y Analitica de
Datos para Gobiernos
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
---------------------
On Wed, Apr 10, 2019 at 2:22 PM Alex Rousskov
<rousskov at measurement-factory.com> wrote:
>
> On 4/10/19 8:37 AM, Erick Perez - Quadrian Enterprises wrote:
>
> > I have added a new domain in my whitelist in squid (no caching, just
> > block/deny) and the domain is being blocked. suggestions?
>
> In general:
>
> 1. Figure out which directive denies the transaction.
> 2. Adjust your configuration to allow the transaction.
>
> Specifically in your case, I suspect that
>
> #1 will point you to the "deny CONNECT !SSL_ports" rule and
>
> #2 would result in adding port 8441 to the SSL_ports ACL.
>
> You may also want to remove port 8441 from Safe_ports, depending on how
> you use Safe_ports, and whether you consider port 8441 "safe" for your
> specific usage.
>
>
> HTH,
>
> Alex.
>
>
> > url: https://www.sqlsoftware.nom.co:8441
> >
> > #/etc/squid/alloweddomains
> > .sqlsoftware.nom.co
> >
> > #access.log
> > #
> > 1554650994.238 0 10.231.0.53 TCP_DENIED/403 3742 CONNECT
> > www.sqlsoftware.nom.co:8441 - NONE/- text/html
> > 1554650994.254 0 10.231.0.53 TCP_DENIED/403 3742 CONNECT
> > www.sqlsoftware.nom.co:8441 - NONE/- text/html
> > #
> >
> > #squid.conf
> > #
> > acl mylan src 10.230.0.0/16
> > acl allowedsites dstdomain "/etc/squid/alloweddomains"
> > acl Safe_ports port 8441 # sqlsoftware.nom.co
> > acl CONNECT method CONNECT
> > # Deny requests to certain unsafe ports
> > http_access deny !Safe_ports
> > # Deny CONNECT to other than secure SSL ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow mylan allowedsites
> > #
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list