<div dir="ltr">
<p>so this is my config file - <br></p><p>#<br># Recommended minimum configuration:<br>#<br><br>#SSL<br>http_port 3128 ssl-bump \<br>cert=/usr/local/squid/etc/ssl_cert/myCA.pem \<br>generate-host-certificates=on dynamic_cert_mem_cache_size=4MB<br>sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>acl step1 at_step SslBump1<br>ssl_bump peek step1<br>ssl_bump bump all<br><br># Example rule allowing access from your local networks.<br># Adapt to list your (internal) IP networks from where browsing<br># should be allowed<br>acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)<br>acl localnet src <a href="http://10.0.0.0/8">10.0.0.0/8</a> # RFC 1918 local private network (LAN)<br>acl localnet src <a href="http://100.64.0.0/10">100.64.0.0/10</a> # RFC 6598 shared address space (CGN)<br>acl localnet src <a href="http://169.254.0.0/16">169.254.0.0/16</a> # RFC 3927 link-local (directly plugged) machines<br>acl localnet src <a href="http://172.16.0.0/12">172.16.0.0/12</a> # RFC 1918 local private network (LAN)<br>acl localnet src <a href="http://192.168.0.0/16">192.168.0.0/16</a> # RFC 1918 local private network (LAN)<br>acl localnet src fc00::/7 # RFC 4193 local private network range<br>acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br><br>acl SSL_ports port 443<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 1025-65535 # unregistered ports<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl CONNECT method CONNECT<br><br>#<br># Recommended minimum Access Permission configuration:<br>#<br># Deny requests to certain unsafe ports<br>http_access deny !Safe_ports<br><br># Deny CONNECT to other than secure SSL ports<br>http_access deny CONNECT !SSL_ports<br><br># Only allow cachemgr access from localhost<br>http_access allow localhost manager<br>http_access deny manager<br><br># We strongly recommend the following be uncommented to protect innocent<br># web applications running on the proxy server who think the only<br># one who can access services on "localhost" is a local user<br>#http_access deny to_localhost<br><br>#<br># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS<br>#<br><br># Example rule allowing access from your local networks.<br># Adapt localnet in the ACL section to list your (internal) IP networks<br># from where browsing should be allowed<br>http_access allow localnet<br>http_access allow localhost<br><br># Squid normally listens to port 3128<br>http_port 3128<br><br># Uncomment and adjust the following to add a disk cache directory.<br>cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256<br><br># Leave coredumps in the first cache dir<br>coredump_dir /usr/local/squid/var/cache/squid<br><br>#<br># Add any of your own refresh_pattern entries above these.<br>#<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320</p><p>as you can see i have removed the whitelist/mime config lines</p><p>but when i come into activating office it just cant get online to do it via the client app installed on my pc</p><p>but internet isnt blocked as i can go to any website<br></p>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 14 Dec 2019 at 08:39, Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 14.12.19 01:46, robert k Wild wrote:<br>
>i have squid installed and its awesome i can whitelist and block mime types<br>
>but when im trying to activate my office 365 going through the proxy i get<br>
>a http denied on this<br>
><br>
>TCP_DENIED/403 3661 GET<br>
><a href="http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt" rel="noreferrer" target="_blank">http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt</a><br>
><br>
>but i have whitelisted the domain ".<a href="http://microsoft.com" rel="noreferrer" target="_blank">microsoft.com</a>" so i really dont<br>
>understand why this is being denied as all the other domains i have<br>
>whitelisted are fone ie there not being denied<br>
<br>
looks like you whitelisted incorrectly. Maybe showing the http_access lines<br>
with related acls could help us to find the issue...<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
Save the whales. Collect the whole set.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Regards, <br><br>Robert K Wild.<br></div></div>