[squid-users] Blocking CONNECT

johnr johnrefwe at mail.com
Thu Aug 1 02:44:12 UTC 2019


Hi,

Squid conf:
acl CONNECT method CONNECT
acl to_bad_ip dst 55.55.2.3
http_access deny CONNECT to_bad_ip

In the above squid config, if I were to try go to https://55.55.2.3:443 I
would get an ACCESS DENIED but squid would not block the CONNECT (it would
respond to 200) and then block the subsequent HTTP request. Is it possible
to tell squid to block the CONNECT? I do server-first SSL bump so if I don't
block the CONNECT squid will reach out to the upstream server which I don't
want it to do. I know this would make it impossible to serve the block page
and have the browser show an error but I don't mind about that.  



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list