[squid-users] cannot access squid with https_port: 403

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 3 12:03:47 UTC 2019

On 3/09/19 8:46 pm, fansari wrote:
> I have to set up a TLS proxy connection between client and squid. My config is
> working with http_port (without TLS) but as soon as I try https_port it does
> not work (squid 3.5.23 compiled with '--enable-ssl' '--enable-ssl-crtd'
> '--with-openssl').
> What I am trying to achieve is a proxy for https content. When I access the
> squid I always get a 403 error code (I am testing with curl).
> curl --proxy ${PROXY} --cacert ${CERT} --proxy-insecure --insecure ${URL}
> 1567498682.392     3 xxx.xxx.0.239 TCP_DENIED/200 0 CONNECT xxx.xxx.0.1:3129 - HIER_NONE/- -

You have either opened a TCP connection directly to the "intercept" port
or told Squid to do so on a CONNECT transaction to port 3128.

Only NAT systems can send traffic to an intercept port. That's what the
intercept means.

You must test the proxy with traffic a client would actually send, in
the same way the clients would normally use it.


