[squid-users] cannot access squid with https_port: 403

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 3 13:06:45 UTC 2019

On 4/09/19 12:29 am, fansari wrote:
> Thank you for your reply.
> If I drop the keyword "intercept" I get this error message when starting
> squid:
> FATAL: ssl-bump on https_port requires tproxy/intercept which is missing.
> Using "tproxy" does not help me either - I also end up with 403.
> What I want to achieve with my scenario is just caching of https content.

What you have configured is *a* valid configuration for that to happen.

Your test is what is wrong _for that port_.

> Regarding the clients of the real scenario: this will be a Chromium
> application so I could setup a .pac file for example. But before testing
> this I want to have a successful curl test.

Aha. This was the critical missing information.

That means the http_port and ssl_bump lines are what you actually need
to be using.

Remove that https_port line entirely.

Also, remove these lines:
 acl bumpedPorts myportname 3129

 http_access allow CONNECT bumpedPorts
 http_access allow CONNECT our_proxy

Instead you should have your normal http_access rule(s) for determining
which clients are allowed to use the proxy. If they are allowed to use
the proxy they are allowed to do CONNECT already for the https:// traffic.

Test it like this:
  curl --proxy --cacert ${CERT} https://example.com/


More information about the squid-users mailing list