[squid-users] cannot access squid with https_port: 403
Amos Jeffries
squid3 at treenet.co.nz
Tue Sep 3 12:03:47 UTC 2019
On 3/09/19 8:46 pm, fansari wrote:
> I have to setup a TLS proxy connection between client and squid. My config is
> working with http_port (without TLS) but as soon as I try https_port it does
> not work (squid 3.5.23 compiled with --enable-ssl' '--enable-ssl-crtd'
> '--with-openssl').
>
> What I am trying to achieve is a proxy for https content. When I access the
> squid I always get a 403 error code (I am testing with curl).
>
> curl --proxy ${PROXY} --cacert ${CERT} --proxy-insecure --insecure ${URL}
>
> 1567498682.392 3 xxx.xxx.0.239 TCP_DENIED/200 0 CONNECT xxx.xxx.0.1:3129
> - HIER_NONE/- -
You have either opened a TCP connection directly to the "intercept" port
or told Squid to do so on a CONNECT transaction to port 3128.
Only NAT systems can send traffic to an intercept port. That's what the
intercept means.
You must test the proxy with traffic a client would actually send. In
the same way the clients would normally use it.
Amos
More information about the squid-users
mailing list