[squid-users] Https inception gives 503 error

Amos Jeffries squid3 at treenet.co.nz
Sun Dec 8 11:13:06 UTC 2019

On 8/12/19 8:35 pm, mandev wrote:
> Hi,
> I am using pfsense with squid and squidguard for web filtering without
> client side certificate installation. I did manage to block pages and mostly
> error free internet traffic. But for the last thing i cannot work it. I want
> to redirect users to a block page and i did this with http but cannot do
> this with https. 

You cannot redirect a CONNECT transaction. It is a request to open a tunnel.

If you wish to continue using the very obsolete and unmaintained
squidguard tool you will need to add this to your squid.conf:

 url_rewrite_access deny CONNECT

To do anything like send error pages to users with intercepted HTTPS
traffic requires SSL-Bump to decrypt the tunnel contents first.


More information about the squid-users mailing list