[squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 18 14:52:34 UTC 2016
That you proxy refused you connections is correct.
You forgot to define an acl and allow it.
Something like :
acl internal-net 192.168.x.0/.24
and
> http_access allow localhost
http_access allow internal-net
> http_access deny all
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] Namens
> adego70 at gmail.com
> Verzonden: donderdag 18 augustus 2016 15:56
> Aan: squid-users at lists.squid-cache.org
> Onderwerp: [squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS
> Urgentie: Hoog
>
> Hello,
>
> My request concerns SQUID v.3.4.8
> I'm using :
> - DEBIAN Jessie
> - Firefox 48.0
> - simple home network
>
> Actually, I whitelist some http(s) domains with SQUID.
>
> My problem is :
> when I want to go with firefox to any httpS domain which is not
> whitelisted,
> I obtain this error message : "THE PROXY SERVER IS REFUSING CONNECTIONS"
> (example :
> "https://www.pntbrother.com/wp-
> content/uploads/2014/11/proxy_server_refusing
> _connection.jpg ")
> And I have to find a solution for showing the usual HTML error page from
> SQUID (the page I can custom, example : "
> http://cdn.krizna.com/wp-
> content/uploads/2012/08/squid_proxy_server_block.jp
> g ")
>
>
> Here is my "squid.conf" :
> acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire"
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
>
> http_access allow whitelist_prim
>
> http_access allow localhost
> http_access deny all
> http_port 3128
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
>
> Here is my " whitelist_primaire" file :
> .google.com
> .google.fr
> .bing.com
> .ubuntuforums.org
> .squid-cache.org
> .facebook.com
>
> Here is the result of " sudo tail -f /var/log/squid3/access.log " for this
> url https://www.waze.com :
> 1471512108.462 1 192.168.0.14 TCP_DENIED/403 3628 CONNECT
> www.waze.com:443 - HIER_NONE/- text/html
>
>
> I already try "deny_info" ( there
> :http://digitizor.com/how-to-change-the-default-error-document-pages-in-
> squi
> d/ ), but without success.
>
> Is it possible to have a solution (with simple solution : ACLs...) for
> httpS
> domains ?
>
> Any advice will be appreciated.
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list