[squid-users] Newbie question, How to fully disable/disallow https?
Arctic5824
arctic5824 at protonmail.com
Tue Jun 22 20:54:42 UTC 2021
On Tuesday, June 22nd, 2021 at 1:44 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:
> On Tuesday 22 June 2021 at 22:37:16, Alex Rousskov wrote:
>
> > On 6/22/21 4:28 PM, Arctic5824 wrote:
> >
> > > Hey! thanks for the info, I just tried that but it seems https is still
> > >
> > > being allowed, and I can see it in the logs as well "TCP_TUNNEL/200 717
> > >
> > > CONNECT s.youtube.com:443 -"
> > >
> > > my config is https://pastebin.com/8txzkEnG
> > >
> > > and a version of the config without comments:
> > >
> > > https://pastebin.com/zuJYQpXW
>
> > Squid bugs notwithstanding, either your Squid is not running with the
> >
> > configuration that you have shared with us OR that logged request comes
> >
> > from localhost. If you are not sure, I suggest shutting down Squid,
> >
> > making sure that nobody listens on port 3128 and then restarting Squid.
> >
> > Due to the first http_access rule, the test request must not come from
> >
> > the same machine Squid runs on.
>
> I would also comment on:
>
> #http_access deny !Safe_ports
>
> Has that been consciously and deliberately commented-out?
>
> #http_access allow localnet
>
> http_access allow localhost
>
> Is that a typo? Did you mean to allow access from your local networks, rather
>
> than just from localhost?
>
> #http_access deny all
>
> Has that been consciously and deliberately commented-out?
>
> Antony.
Hey, all of those where deliberately done, although I have only been using this program for a short amount of time, so they might be incorrect/dumb, I am not sure,
-Arctic
More information about the squid-users
mailing list