[squid-users] HTTPS - THE PROXY SERVER IS REFUSING

adego70 at gmail.com adego70 at gmail.com
Fri Aug 19 11:37:42 UTC 2016


Thank you for your help (both L.P.H. van Belle & Amos Jeffries).

I changed my squid.conf but now, I don't obtain any url deny...
In fact, any http & https url are allowed even if they not in whitelist_primaire.
I made many tests but I can't find the good way...
Please find enclosed the conf for Firefox.

My new conf :
http_port 3128
acl localnet src 192.168.0.0/24 # RFC 1918 local private network (LAN)

acl SSL_ports port 443

acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 1025-65535  # unregistered ports

acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager


acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire"
http_access deny !whitelist_prim

http_access allow localnet
http_access allow localhost
http_access deny all

coredump_dir /var/spool/squid3

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320








-------------- next part --------------
A non-text attachment was scrubbed...
Name: 45852.png
Type: image/png
Size: 22990 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160819/dc6209e5/attachment-0001.png>


More information about the squid-users mailing list