[squid-users] https requests the squid rejects the connection

Amos Jeffries squid3 at treenet.co.nz
Mon Aug 20 20:02:44 UTC 2018


On 21/08/18 6:45 AM, Marcelo J. Martinez wrote:
> sorry, it's a mistake to copy and paste.
> the configuration is:
> 
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> 

FYI: current recommended config has the manager lines after the CONNECT
line, that makes Squid a tiny bit faster and safer against CONNECT to
the manager URLs.

That will not solve your current issue though. As Matus said the log
entry (access.log) for the transaction is needed for more info about
what is going on - in particular the URL which is being denied.

I suspect it is simply a normal HTTP request to a port you were not
expecting. You did reduce the Safe_Ports ACL definition significantly.

Amos


More information about the squid-users mailing list