[squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS

adego70 at gmail.com adego70 at gmail.com
Thu Aug 18 13:56:11 UTC 2016 

Hello,

My request concerns SQUID v.3.4.8
I'm using :
 - DEBIAN Jessie
 - Firefox 48.0
 - simple home network

Actually, I whitelist some http(s) domains with SQUID.

My problem is :
when I want to go with firefox to any httpS domain which is not whitelisted,
I obtain this error message : "THE PROXY SERVER IS REFUSING CONNECTIONS"
(example :
"https://www.pntbrother.com/wp-content/uploads/2014/11/proxy_server_refusing
_connection.jpg ")
And I have to find a solution for showing the usual HTML error page from
SQUID (the page I can custom, example : "
http://cdn.krizna.com/wp-content/uploads/2012/08/squid_proxy_server_block.jp
g ")


Here is my "squid.conf" :
acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire"

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

http_access allow whitelist_prim

http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320



Here is my " whitelist_primaire" file :
.google.com
.google.fr
.bing.com
.ubuntuforums.org
.squid-cache.org
.facebook.com

Here is the result of " sudo tail -f /var/log/squid3/access.log " for this
url https://www.waze.com :
1471512108.462      1 192.168.0.14 TCP_DENIED/403 3628 CONNECT
www.waze.com:443 - HIER_NONE/- text/html


I already try "deny_info" ( there
:http://digitizor.com/how-to-change-the-default-error-document-pages-in-squi
d/ ), but without success.

Is it possible to have a solution (with simple solution : ACLs...) for httpS
domains ?

Any advice will be appreciated.

More information about the squid-users mailing list