[squid-users] Blocking CONNECT

johnr johnrefwe at mail.com
Thu Aug 1 02:44:12 UTC 2019


Squid conf:
acl to_bad_ip dst
http_access deny CONNECT to_bad_ip

In the above squid config, if I were to try go to I
would get an ACCESS DENIED but squid would not block the CONNECT (it would
respond to 200) and then block the subsequent HTTP request. Is it possible
to tell squid to block the CONNECT? I do server-first SSL bump so if I don't
block the CONNECT squid will reach out to the upstream server which I don't
want it to do. I know this would make it impossible to serve the block page
and have the browser show an error but I don't mind about that.  

Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list