I have the following problem on my Squid 4.6 on Debian 10. Squid does not redirect the user to the error page when blocking an HTTPS url. On HTTP it works correctly.
I don't use transparent proxy. The proxy is manually configured in the web browser. Here is my squid.conf configuration file: http_port 3128 cache_mem 256 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 512 MB minimum_object_size 0 KB maximum_object_size_in_memory 128 KB access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log error_directory /usr/share/squid/errors/pt-br cache_mgr r...@empresa.com.br cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA fqdncache_size 1024 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 #Prioriza resolucao DNS IPv4 dns_v4_first on cache_dir aufs /var/spool/squid 600 16 256 visible_hostname "Monitoramento-de-Acesso-a-Internet" ### acls acl SSL_ports port 443 acl Safe_ports port 21 # ftp acl Safe_ports port 70 # gopher acl Safe_ports port 80 # http acl Safe_ports port 88 # kerberos acl Safe_ports port 123 # ntp acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 3456 # Siafi acl Safe_ports port 389 # ldap acl Safe_ports port 443 # https acl Safe_ports port 488 # gss-http acl Safe_ports port 563 # snews acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 3001 # imprenssa nacional acl Safe_ports port 8080 # http acl Safe_ports port 8443 # http acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT acl sistemas-bloqueados dstdomain "/etc/squid/acls/sistemas-bloqueados" http_access deny sistemas-bloqueados ## Negotiate kerberos/NTLM module auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --use-cached-creds --kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME auth_param negotiate children 200 startup=15 idle=5 auth_param negotiate keep_alive on ## NTLM Auth auth_param ntlm program /usr/bin/ntlm_auth --use-cached-creds --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 110 startup=5 idle=5 auth_param ntlm keep_alive on auth_param basic realm "Squid Proxy" # Incorpora as regras do SquidGuard #redirect_program /usr/bin/squidGuard #redirect_children 20 #redirector_bypass on acl ntlm_users proxy_auth REQUIRED http_access allow ntlm_users http_access deny all ### LAN ##### acl rede_usuarios src 192.168.0.0/16 ### Regras Padrao do Squid #http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost #libera a resposta a partir do proxy http_reply_access allow all #acl manager proto cache_object ### Allow LAN http_access allow rede_usuarios #cache_effective_user proxy coredump_dir /var/spool/squid # SquidGuard url_rewrite_program /usr/bin/squidGuard redirector_bypass on As I don't use proxy transparence, is it necessary to create SSL certificate for my Proxy server? Can anybody help me? Regards, Márcio Bacci
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
