[squid-users] Squid blocking 192.168.x.x

Martin S shieldfire at gmail.com
Fri Sep 27 10:52:16 UTC 2019 

Ah!

That was it. Somehow I was confused and thought that Safe_ports and
SSL_ports were kindof similar. I obviously need to be less confused and
"think" less (rather "know" more).

Thank you for you time and help!

//Martin S

Den fre 27 sep. 2019 kl 12:03 skrev Matus UHLAR - fantomas <
uhlar at fantomas.sk>:

> >> On 27/09/19 7:56 pm, Martin S wrote:
> >> > OK, did that
> >> >
> >> > # Example rule allowing access from your local networks.
> >> > # Adapt localnet in the ACL section to list your (internal) IP
> networks
> >> > # from where browsing should be allowed
> >> > http_access allow localnet
> >> > http_access allow localhost
> >> >
> >> > # And finally deny all other access to this proxy
> >> > http_access deny all
> >> >
> >> > I now noticed that it denies access through https.
>
> >Den fre 27 sep. 2019 kl 10:26 skrev Amos Jeffries <squid3 at treenet.co.nz>:
> >> What are you seeing that makes yo think that?
> >>
> >> The config shown with the above change made allows localnet clients to
> >> request https:// URLs through the proxy as well as http:// and the
> other
> >> protocols.
>
> On 27.09.19 10:54, Martin S wrote:
> >Going to 1http://92.168.0.6:10000 now lets me access the page. However,
> >that page requires a https login. So, there is a link to
> >https://192.168.0.6:10000
> >
> >Clicking the link to go to the https site produces "The proxyserver denies
> >the connection".
> >
> >Changing the internet connection to *not* use Squid, then I have no
> >problems accessing https://192.168.0.6:10000.
>
> 10000 (i assume webmin) is non-standard port from https point of view.
> within squid it must be allowed.
>
> acl SSL_ports port 10000
>
> However, if you can connect directly, you should do so (configure web
> browser to use direct connections to 192.168.*).
>
> It's possible that CONNECT ports over 1024 will be allowed but this must be
> discused and agreed on (unless such discussion was already done in the near
> past and the agreement was not made).
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Spam is for losers who can't get business any other way.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


-- 
Regards,

Martin S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190927/de105bf1/attachment-0001.html>

More information about the squid-users mailing list