[squid-users] Https inception gives 503 error
Amos Jeffries
squid3 at treenet.co.nz
Sun Dec 8 11:13:06 UTC 2019
On 8/12/19 8:35 pm, mandev wrote:
> Hi,
>
> I am using pfsense with squid and squidguard for web filtering without
> client side certificate installation. I did manage to block pages and mostly
> error free internet traffic. But for the last thing i cannot work it. I want
> to redirect users to a block page and i did this with http but cannot do
> this with https.
You cannot redirect a CONNECT transaction. It is a request to open a tunnel.
If you wish to continue using the very obsolete and unmaintained
squidguard tool you will need to add this to your squid.conf:
url_rewrite_access deny CONNECT
To do anything like send error pages to users with intercepted HTTPS
traffic requires SSL-Bump to decrypt the tunnel contents first.
Amos
More information about the squid-users
mailing list