<div dir="ltr"><div>Ah!</div><div><br></div><div>That was it. Somehow I was confused and thought that Safe_ports and SSL_ports were kindof similar. I obviously need to be less confused and "think" less (rather "know" more).</div><div><br></div><div>Thank you for you time and help!</div><div><br></div><div>//Martin S<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Den fre 27 sep. 2019 kl 12:03 skrev Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">>> On 27/09/19 7:56 pm, Martin S wrote:<br>
>> > OK, did that<br>
>> ><br>
>> > # Example rule allowing access from your local networks.<br>
>> > # Adapt localnet in the ACL section to list your (internal) IP networks<br>
>> > # from where browsing should be allowed<br>
>> > http_access allow localnet<br>
>> > http_access allow localhost<br>
>> ><br>
>> > # And finally deny all other access to this proxy<br>
>> > http_access deny all<br>
>> ><br>
>> > I now noticed that it denies access through https.<br>
<br>
>Den fre 27 sep. 2019 kl 10:26 skrev Amos Jeffries <<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>>:<br>
>> What are you seeing that makes yo think that?<br>
>><br>
>> The config shown with the above change made allows localnet clients to<br>
>> request https:// URLs through the proxy as well as http:// and the other<br>
>> protocols.<br>
<br>
On 27.09.19 10:54, Martin S wrote:<br>
>Going to 1<a href="http://92.168.0.6:10000" rel="noreferrer" target="_blank">http://92.168.0.6:10000</a> now lets me access the page. However,<br>
>that page requires a https login. So, there is a link to<br>
><a href="https://192.168.0.6:10000" rel="noreferrer" target="_blank">https://192.168.0.6:10000</a><br>
><br>
>Clicking the link to go to the https site produces "The proxyserver denies<br>
>the connection".<br>
><br>
>Changing the internet connection to *not* use Squid, then I have no<br>
>problems accessing <a href="https://192.168.0.6:10000" rel="noreferrer" target="_blank">https://192.168.0.6:10000</a>.<br>
<br>
10000 (i assume webmin) is non-standard port from https point of view.<br>
within squid it must be allowed.<br>
<br>
acl SSL_ports port 10000<br>
<br>
However, if you can connect directly, you should do so (configure web<br>
browser to use direct connections to 192.168.*).<br>
<br>
It's possible that CONNECT ports over 1024 will be allowed but this must be<br>
discused and agreed on (unless such discussion was already done in the near<br>
past and the agreement was not made).<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
Spam is for losers who can't get business any other way.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature">Regards,<br><br>Martin S</div>