[squid-users] Whitelist ONLY exception isn't working correctly

Alex Rousskov rousskov at measurement-factory.com
Mon May 14 00:35:26 UTC 2018


On 05/13/2018 06:15 PM, Martin Hanson wrote:

> # THIS ISN'T WORKING!!!
> # https://www.ubuntu.com is blocked with "Access Denied" from Squid.
> http_access allow windows_boxes whitelist

I suspect the request is blocked during SslBump step1 because there is
not enough information in the fake CONNECT request for ssl::server_name
to match ubuntu.com. Please keep in mind that ssl::server_name does not
do (reverse) DNS lookups, and the fake CONNECT request during step1 only
has an IP address, not a domain name.

One way to test this theory is to (temporarily) http_access allow CONNECT
requests to (ubuntu) IP addresses. Does that get you to SslBump step2,
where the fake CONNECT usually gets a domain name?


HTH,

Alex.
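
The temporary test suggested in the message above, sketched as a squid.conf fragment. This is an added example, not part of the original message or the poster's configuration: the ACL definitions, the client range, the `ubuntu_ips` name and the destination address are assumptions and placeholders.

```conf
# --- Assumed definitions (not shown in the thread) ---------------------
# Constructed client range standing in for the poster's windows_boxes ACL.
acl windows_boxes src 192.0.2.0/24
# Assumed form of the poster's whitelist: matched against the server name,
# which is not yet known while only the IP-based fake CONNECT exists.
acl whitelist ssl::server_name .ubuntu.com
# CONNECT is the usual "acl CONNECT method CONNECT" from the default
# squid.conf; define it if your configuration does not already have it.

# --- Temporary diagnostic ACL ------------------------------------------
# Placeholder address: replace with the addresses www.ubuntu.com actually
# resolves to from the proxy. dst matches the destination IP, which is the
# only thing the step1 fake CONNECT carries.
acl ubuntu_ips dst 203.0.113.10

# --- Assumed SslBump setup: peek at step1 so processing reaches step2 ---
acl step1 at_step SslBump1
ssl_bump peek step1

# --- Access rules -------------------------------------------------------
# Temporary test rule: let the IP-only CONNECT through for these clients.
# Remove it once the theory is confirmed or ruled out.
http_access allow CONNECT windows_boxes ubuntu_ips

# Original rule from the thread.
http_access allow windows_boxes whitelist

http_access deny all
```

If www.ubuntu.com loads with the temporary rule in place, the denial was happening at step1, before a domain name was available for ssl::server_name to match.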

