[squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS
adego70 at gmail.com
Thu Aug 18 13:56:11 UTC 2016
Hello,
My request concerns SQUID v.3.4.8
I'm using :
- DEBIAN Jessie
- Firefox 48.0
- simple home network
Actually, I whitelist some http(s) domains with SQUID.
My problem is :
when I want to go with firefox to any httpS domain which is not whitelisted,
I obtain this error message : "THE PROXY SERVER IS REFUSING CONNECTIONS"
(example :
"https://www.pntbrother.com/wp-content/uploads/2014/11/proxy_server_refusing_connection.jpg")
And I have to find a solution for showing the usual HTML error page from
SQUID (the page I can customize, example :
"http://cdn.krizna.com/wp-content/uploads/2012/08/squid_proxy_server_block.jpg")
Here is my "squid.conf" :
acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow whitelist_prim
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Here is my " whitelist_primaire" file :
.google.com
.google.fr
.bing.com
.ubuntuforums.org
.squid-cache.org
.facebook.com
Here is the result of " sudo tail -f /var/log/squid3/access.log " for this
url https://www.waze.com :
1471512108.462 1 192.168.0.14 TCP_DENIED/403 3628 CONNECT www.waze.com:443 - HIER_NONE/- text/html
I already tried "deny_info" (there:
http://digitizor.com/how-to-change-the-default-error-document-pages-in-squid/ ),
but without success.
Is it possible to have a solution (with simple solution : ACLs...) for httpS
domains ?
Any advice will be appreciated.
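Added example (not part of the original post and not Squid code): a small Python model of the first-match http_access evaluation for the posted squid.conf and whitelist, showing why the logged CONNECT to www.waze.com:443 from 192.168.0.14 ends at "http_access deny all". The function names are hypothetical, the manager ACL is assumed false for ordinary requests, and localhost is approximated as any loopback address.

```python
import ipaddress

# ACL values copied from the squid.conf and whitelist file in the post.
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
              (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]
SSL_PORTS = [(443, 443)]
WHITELIST = [".google.com", ".google.fr", ".bing.com",
             ".ubuntuforums.org", ".squid-cache.org", ".facebook.com"]

def port_in(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def dstdomain(host, entries):
    # A leading dot matches the domain itself and every subdomain.
    host = host.lower().rstrip(".")
    return any((host == e[1:] or host.endswith(e)) if e.startswith(".")
               else host == e for e in entries)

def evaluate(method, host, port, client_ip, is_manager=False):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    acl = {
        "Safe_ports": port_in(port, SAFE_PORTS),
        "SSL_ports": port_in(port, SSL_PORTS),
        "CONNECT": method == "CONNECT",
        "whitelist_prim": dstdomain(host, WHITELIST),
        # Approximation: any loopback address counts as "localhost".
        "localhost": ipaddress.ip_address(client_ip).is_loopback,
        # Assumption: ordinary browsing is never a cache-manager request.
        "manager": is_manager,
        "all": True,
    }
    rules = [  # same order as the http_access lines in the posted squid.conf
        ("deny", ["!Safe_ports"]), ("deny", ["CONNECT", "!SSL_ports"]),
        ("allow", ["localhost", "manager"]), ("deny", ["manager"]),
        ("allow", ["whitelist_prim"]), ("allow", ["localhost"]),
        ("deny", ["all"]),
    ]
    for action, names in rules:
        # ACL names on one line are ANDed; "!" negates a single ACL.
        if all((not acl[n[1:]]) if n.startswith("!") else acl[n] for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    raise AssertionError("unreachable: 'deny all' always matches")

if __name__ == "__main__":
    # The request from the access.log line in the post.
    print(evaluate("CONNECT", "www.waze.com", 443, "192.168.0.14"))
    print(evaluate("CONNECT", "www.google.com", 443, "192.168.0.14"))
```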