access.log:

1534782486.761      0 10.10.1.101 TCP_DENIED/403 3917 CONNECT aus5.mozilla.org:443 - HIER_NONE/- text/html
1534782486.767      0 10.10.1.101 TCP_DENIED/403 3926 CONNECT redirector.gvt1.com:443 - HIER_NONE/- text/html
1534782486.768      0 10.10.1.101 TCP_DENIED/403 4221 GET http://ciscobinary.openh264.org/openh264-win64-0410d336bb748149a4f560eb6108090f078254b1.zip - HIER_NONE/- text/html
1534782606.751      0 10.10.1.101 TCP_DENIED/403 3989 CONNECT blocklists.settings.services.mozilla.com:443 - HIER_NONE/- text/html
1534782606.754      0 10.10.1.101 TCP_DENIED/403 3980 CONNECT firefox.settings.services.mozilla.com:443 - HIER_NONE/- text/html
1534783061.435      0 10.10.1.101 TCP_DENIED/403 3914 CONNECT www.youtube.com:443 - HIER_NONE/- text/html
1534783486.477      0 10.10.1.101 TCP_DENIED/403 4123 GET http://argenteam.net/ - HIER_NONE/- text/html
1534783486.506      0 10.10.1.101 TCP_DENIED/403 4169 GET http://smbserver2:3128/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
1534785311.331      0 10.10.1.101 TCP_DENIED/403 3914 CONNECT www.youtube.com:443 - HIER_NONE/- text/html
1534788567.647      0 10.10.1.101 TCP_DENIED/403 3950 CONNECT safebrowsing.googleapis.com:443 - HIER_NONE/- text/html
1534791437.517      0 10.10.1.101 TCP_DENIED/403 3917 CONNECT aus5.mozilla.org:443 - HIER_NONE/- text/html

Bear in mind that the server is configured to reject the connection from my IP. 
The problem is that:
with HTTP queries, the normal Squid error page appears;
with HTTPS queries, the browser informs me that the proxy rejected the 
connection and the normal Squid page does not appear.

----- Original message -----
From: "Amos Jeffries" <[email protected]>
To: "Posting address" <[email protected]>
Sent: Monday, 20 August 2018 17:02:44
Subject: Re: [squid-users] https requests the squid rejects the connection

On 21/08/18 6:45 AM, Marcelo J. Martinez wrote:
> sorry, it's a mistake to copy and paste.
> the configuration is:
> 
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> 

FYI: current recommended config has the manager lines after the CONNECT
line, that makes Squid a tiny bit faster and safer against CONNECT to
the manager URLs.

That will not solve your current issue though. As Matus said the log
entry (access.log) for the transaction is needed for more info about
what is going on - in particular the URL which is being denied.

I suspect it is simply a normal HTTP request to a port you were not
expecting. You did reduce the Safe_Ports ACL definition significantly.

Amos
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
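
The log excerpt at the top of this message, processed by an added example (not part of the original thread and not Squid project code): it rejoins mail-wrapped entries, splits Squid's native access.log fields, and counts TCP_DENIED entries per client, method and destination, which surfaces the denied URL the reply asks for. The function names and the SAMPLE constant are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample: three entries from the log in this thread, still mail-wrapped.
SAMPLE = """\
1534783061.435      0 10.10.1.101 TCP_DENIED/403 3914 CONNECT
www.youtube.com:443 - HIER_NONE/- text/html
1534783486.477      0 10.10.1.101 TCP_DENIED/403 4123 GET http://argenteam.net/
- HIER_NONE/- text/html
1534785311.331      0 10.10.1.101 TCP_DENIED/403 3914 CONNECT
www.youtube.com:443 - HIER_NONE/- text/html
"""

RECORD_START = re.compile(r"\d{9,}\.\d{3}\s")  # epoch.millis opens an entry
FIELDS = "time elapsed client result bytes method url user hierarchy type".split()

def records(text):
    """Rejoin wrapped lines into one whitespace-joined string per entry."""
    current = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        current.append(line)
    if current:
        yield " ".join(current)

def parse(record):
    """Map a native-format entry to named fields, or None if malformed."""
    parts = record.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def destination(entry):
    """CONNECT entries log host:port; other methods log an absolute URL."""
    if entry["method"] == "CONNECT":
        host, _, port = entry["url"].rpartition(":")
        return host, int(port)
    url = urlsplit(entry["url"])
    return url.hostname, url.port or (443 if url.scheme == "https" else 80)

def denied_summary(text):
    """Count TCP_DENIED entries per (client, method, host, port)."""
    counts = Counter()
    for entry in filter(None, map(parse, records(text))):
        if entry["result"].startswith("TCP_DENIED/"):
            counts[(entry["client"], entry["method"], *destination(entry))] += 1
    return counts
```

Calling `denied_summary(SAMPLE).most_common()` lists the most frequently denied destinations first, with CONNECT and plain HTTP requests kept as separate keys.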