On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal < jetsystemservi...@gmail.com> wrote:
> I do not know the correct terms to the problem I have. > > I have some clients that use a program that tries to connect to: > https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc > > note that there is nothing between "//" and "neodecksoftware.com"... [snip] > > ------------------------------------------------------------ > ---------------------------------- > 1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT > neodecksoftware.com:443 - HIER_NONE/- text/html > 1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT > neodecksoftware.com:443 - HIER_NONE/- text/html > > note that the ACL applies on that connect string. Specifically " neodecksoftware.com" > /var/squid/acl/whitelist.acl: > [snip] > .assertus.com > .neodecksoftware.com your whitelist for this domain says that it has "something" followed by that domain name... > > .office.net [snip] > > # This file is automatically generated by pfSense > # Do not edit manually ! > > http_port 192.168.1.1:3128 > http_port 127.0.0.1:3128 > [snip] > acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" > and your ACL refers to a regular expression... > http_access allow manager localhost > [snip] > # Always allow access to whitelist domains > http_access allow whitelist > and you allow that whitelist... in the end, your regular expression doesn't match. "." means "any single character". you should replace that line with something like this: ^neodecksoftware\.com (this is untested). Note that all your entries need adjusting as well (they may be working, but not matching the way you think they do). HTH, Jok
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users