[squid-users] domain in whitelist being denied
Alex Rousskov
rousskov at measurement-factory.com
Wed Apr 10 19:21:55 UTC 2019
On 4/10/19 8:37 AM, Erick Perez - Quadrian Enterprises wrote:
> I have added a new domain in my whitelist in squid (no caching, just
> block/deny) and the domain is being blocked. suggestions?
In general:
1. Figure out which directive denies the transaction.
2. Adjust your configuration to allow the transaction.
Specifically in your case, I suspect that
#1 will point you to the "deny CONNECT !SSL_ports" rule and
#2 would result in adding port 8441 to the SSL_ports ACL.
You may also want to remove port 8441 from Safe_ports, depending on how
you use Safe_ports, and whether you consider port 8441 "safe" for your
specific usage.
HTH,
Alex.
> url: https://www.sqlsoftware.nom.co:8441
>
> #/etc/squid/alloweddomains
> .sqlsoftware.nom.co
>
> #access.log
> #
> 1554650994.238 0 10.231.0.53 TCP_DENIED/403 3742 CONNECT
> www.sqlsoftware.nom.co:8441 - NONE/- text/html
> 1554650994.254 0 10.231.0.53 TCP_DENIED/403 3742 CONNECT
> www.sqlsoftware.nom.co:8441 - NONE/- text/html
> #
>
> #squid.conf
> #
> acl mylan src 10.230.0.0/16
> acl allowedsites dstdomain "/etc/squid/alloweddomains"
> acl Safe_ports port 8441 # sqlsoftware.nom.co
> acl CONNECT method CONNECT
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> http_access allow mylan allowedsites
> #
More information about the squid-users
mailing list