On 20/03/2013 12:36 a.m., Jannis Kafkoulas wrote:
Hi,
I'm using squid 2.7 on RHEL 5.6 and I have following issue:
I want to restrict a client to accessing a specific https site
and herein only a specific root path (and sub directories).
So I tried this:
acl restr_client src 10.1.1.100/32
acl restr_dom dstdomain www.example.com
acl xyz urlpath_regex -i ^/xyz/
http_access deny restr_client !restr_dom
http_access deny restr_client !xyz
.
.
.
The problem is that (as I can see in the access.log) it's
being allowed to connect directly only if I use http but
as soon as I'm using https the request is being blocked
and I can't see anything in the access.log.
Even if I use url_regex -i ^https://www.example.com
instead of dstdomain it doesn't work.
Any hints?
HTTP passes through Squid in the form of a CONNECT tunnel setup request,
followed by encrypted bytes. Other than the hostname and port the client
is contacting nothing is visible to Squid.
Amos
