[squid-users] HTTPS - THE PROXY SERVER IS REFUSING
adego70 at gmail.com
adego70 at gmail.com
Fri Aug 19 11:37:42 UTC 2016
Thank you for your help (both L.P.H. van Belle & Amos Jeffries).
I changed my squid.conf but now, I don't obtain any url deny...
In fact, any http & https url are allowed even if they not in whitelist_primaire.
I made many tests but I can't find the good way...
Please find enclosed the conf for Firefox.
My new conf :
http_port 3128
acl localnet src 192.168.0.0/24 # RFC 1918 local private network (LAN)
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire"
http_access deny !whitelist_prim
http_access allow localnet
http_access allow localhost
http_access deny all
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 45852.png
Type: image/png
Size: 22990 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160819/dc6209e5/attachment-0001.png>
More information about the squid-users
mailing list