[squid-users] Https inception gives 503 error

mandev selimakpinar at protonmail.com
Sun Dec 8 07:35:18 UTC 2019


Hi,

I am using pfsense with squid and squidguard for web filtering without
client side certificate installation. I did manage to block pages and have
mostly error free internet traffic. But there is one last thing I cannot get
to work. I want to redirect users to a block page, and I did this with http
but cannot do this with https. When a blocked page is visited it gives a
"SSL_ERROR_RX_RECORD_TOO_LONG" error. I debugged this issue a lot, and my
findings are below and the config files are attached (it's pfsense, so not
much, mostly automatic files):

When I access an http page this is how squid redirects:

2019/12/08 06:32:02.735 kid1| 5,3| comm.cc(553) commSetConnTimeout:
local=34.249.120.252:80 remote=192.168.10.10:35178 FD 18 flags=33 timeout
86400
2019/12/08 06:32:02.735 kid1| 23,3| url.cc(371) urlParse: urlParse: Split
URL 'http://hurriyet.com.tr/' into proto='http', host='hurriyet.com.tr',
port='80', path='/'
2019/12/08 06:32:02.735 kid1| 14,3| Address.cc(389) lookupHostIP: Given
Non-IP 'hurriyet.com.tr': hostname nor servname provided, or not known
2019/12/08 06:32:02.735 kid1| 33,3| client_side.cc(891)
clientSetKeepaliveFlag: http_ver = HTTP/1.1

When I access an https page this happens:

2019/12/08 06:28:14.431 kid1| 23,3| url.cc(371) urlParse: urlParse: Split
URL
'http://192.168.10.1:80/sgerror.php?url=403%20&a=192.168.10.10&n=192.168.10.10&i=&s=default&t=blacklist&u=selimakpinar.com:443'
into proto='', host='http', port='443', path=''
2019/12/08 06:28:14.431 kid1| 14,3| Address.cc(389) lookupHostIP: Given
Non-IP 'http': hostname nor servname provided, or not known
2019/12/08 06:28:14.431 kid1| 61,2| client_side_request.cc(1286)
clientRedirectDone: URL-rewriter diverts URL from selimakpinar.com:443 to
http:443
2019/12/08 06:28:14.431 kid1| 83,3| client_side_request.cc(1743) doCallouts:
Doing calloutContext->clientAccessCheck2()

access.log;

1575790083.949      7 192.168.10.10 TAG_NONE/200 0 CONNECT 104.18.58.42:443
- HIER_NONE/- -
1575790084.047     99 192.168.10.10 TAG_NONE/503 0 CONNECT
selimakpinar.com:443 - HIER_NONE/- -


squid.conf
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377846/squid.conf>  
squidGuard.conf
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377846/squidGuard.conf>  
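The cache.log lines in the post show the rewriter's absolute `http://` answer for a CONNECT target being split as `host:port`, which yields `http:443`. As an added example (not part of the original post, and not Squid or squidGuard code), this sketch scans a debug log for that pattern; the function names and the scheme-name heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the two relevant records from the post with the mail
# line-wrapping undone, plus one constructed plain-http rewrite for contrast.
SAMPLE_LOG = """\
2019/12/08 06:28:14.431 kid1| 23,3| url.cc(371) urlParse: urlParse: Split URL 'http://192.168.10.1:80/sgerror.php?url=403%20&a=192.168.10.10&n=192.168.10.10&i=&s=default&t=blacklist&u=selimakpinar.com:443' into proto='', host='http', port='443', path=''
2019/12/08 06:28:14.431 kid1| 61,2| client_side_request.cc(1286) clientRedirectDone: URL-rewriter diverts URL from selimakpinar.com:443 to http:443
2019/12/08 06:32:02.735 kid1| 61,2| client_side_request.cc(1286) clientRedirectDone: URL-rewriter diverts URL from http://blocked.example/ to http://192.168.10.1:80/sgerror.php
"""

SPLIT = re.compile(r"urlParse: Split URL '([^']*)' into proto='([^']*)', host='([^']*)'")
DIVERT = re.compile(r"clientRedirectDone: URL-rewriter diverts URL from (\S+) to (\S+)")
# CONNECT targets are logged in authority form (host:port), not as a full URL.
AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[^/:?#\s]+):(\d{1,5})$")
# Assumption: a rewritten "host" equal to a scheme name means an absolute URL
# was parsed as host:port, as in the post's log.
SCHEME_NAMES = {"http", "https", "ftp"}


def find_misparsed_connect_rewrites(log_text):
    """Return one finding per CONNECT rewrite whose new host is a scheme name."""
    findings = []
    last_split = None  # (url, proto, host) from the most recent urlParse record
    for line in log_text.splitlines():
        split = SPLIT.search(line)
        if split:
            last_split = split.groups()
            continue
        divert = DIVERT.search(line)
        if not divert:
            continue
        original, rewritten = divert.groups()
        if not AUTHORITY.match(original):
            continue  # ordinary http request: an absolute URL answer is fine
        new_host = rewritten.rsplit(":", 1)[0].lower()
        if new_host in SCHEME_NAMES:
            # Attach the rewriter's raw answer when the preceding split matches.
            raw = last_split[0] if last_split and last_split[2].lower() == new_host else None
            findings.append({"original": original, "rewritten": rewritten,
                             "rewriter_output": raw})
    return findings


if __name__ == "__main__":
    for finding in find_misparsed_connect_rewrites(SAMPLE_LOG):
        print(finding)
```

It needs cache.log records at the debug levels shown in the post (sections 23 and 61).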




