[squid-users] Newbie question, How to fully disable/disallow https?

Antony Stone Antony.Stone at squid.open.source.it
Tue Jun 22 20:44:33 UTC 2021


On Tuesday 22 June 2021 at 22:37:16, Alex Rousskov wrote:

> On 6/22/21 4:28 PM, Arctic5824 wrote:
> > 
> > Hey! thanks for the info, I just tried that but it seems https is still
> > being allowed, and I can see it in the logs as well "TCP_TUNNEL/200 717
> > CONNECT s.youtube.com:443 -"
> > my config is https://pastebin.com/8txzkEnG
> > and a version of the config without comments:
> > https://pastebin.com/zuJYQpXW

> Squid bugs notwithstanding, either your Squid is not running with the
> configuration that you have shared with us OR that logged request comes
> from localhost. If you are not sure, I suggest shutting down Squid,
> making sure that nobody listens on port 3128 and then restarting Squid.
> Due to the first http_access rule, the test request must not come from
> the same machine Squid runs on.

I would also comment on:

#http_access deny !Safe_ports

Has that been consciously and deliberately commented-out?

#http_access allow localnet
http_access allow localhost

Is that a typo?  Did you mean to allow access from your local networks, rather 
than just from localhost?

#http_access deny all

Has that been consciously and deliberately commented-out?


Antony.

-- 
Behind the counter a boy with a shaven head stared vacantly into space,
a dozen spikes of microsoft protruding from the socket behind his ear.

 - William Gibson, Neuromancer (1984)

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list