Re: HTTPS Problem/Question

From: Richard van Denzel <richardd@dont-contact.us>
Date: Fri, 24 Dec 1999 14:36:55 +0100

Nope, that didn't work.

Panagiotis Malakoudis wrote:

> Squid stops when it finds a match from an access list.
> In your case "http_access deny !Safe_ports" is the first access list to
> check and this is why you cannot see https locally.
> It is a very generic acl and it blocks your access.
> You basically say to the system "deny everything but safe ports". When your
> request goes through the proxy it matches this first acl and exits with the
> message you see.
> You need to rearrange your acls in a way that is not so generic.
> Why define all these safe ports and not define only dangerous ports? This
> way you could just say
>
> acl all src 0.0.0.0/0.0.0.0
> acl SSL_ports port 443 563 777
> acl Dangerous_ports port 7 9 19
> acl CONNECT method CONNECT
>
> http_access deny Dangerous_ports
> http_access deny CONNECT !SSL_ports
> http_access allow all
>
> Panagiotis S. Malakoudis
>
> Systems Administrator
> SPACE HELLAS S.A.
>
> ----- Original Message -----
> From: "Richard van Denzel" <richardd@interaccess.nl>
> To: <squid-users@ircache.net>; "Paul Gomersbach" <paulg@interaccess.nl>
> Sent: Tuesday, December 21, 1999 1:54 PM
> Subject: HTTPS Problem/Question
>
> > Hi All,
> >
> > I've got a strange problem with https. Our firewall is web-capable by
> > using:
> > https://gw:777.
> > When I access https pages on the Internet, there are no problems. But
> > internal Netscape (4.7) responds with an error receiving data
> > (connection refused). When I bypass the squid proxy (using direct
> > connection) it works, or even when using our old Netscape 3.5 Proxy
> > Server it works.
> >
> > The following lines are from squid.conf (2.2S5):
> >
> > acl SSL_ports port 443 563 777
> > acl Safe_ports port 80 21 443 563 777 70 210 1025-65535
> > acl CONNECT method CONNECT
> >
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> >
> > Can anyone tell me what I'm doing wrong?
> >
> > Thanx,
> >
> > Richard.

Received on Fri Dec 24 1999 - 06:48:53 MST
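
The two rule sets quoted in this thread can be run through a small model of Squid's http_access evaluation. This is an added example, not code from either poster or from Squid. It assumes the quoted lines are the complete access list and models only the port, method and "all" src ACLs that appear above.

```python
# Added example: a small model of Squid's http_access evaluation, not Squid code.
# Assumption: the quoted lines are the entire access list of each configuration.
ORIGINAL = """
acl SSL_ports port 443 563 777
acl Safe_ports port 80 21 443 563 777 70 210 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
SUGGESTED = """
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563 777
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny Dangerous_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

def parse(conf):
    """Split squid.conf-style text into ACL definitions and ordered rules."""
    acls, rules = {}, []
    for tok in (line.split() for line in conf.strip().splitlines()):
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    kind, vals = acls[name]
    if kind == "method":
        return method in vals
    if kind == "port":  # single ports or lo-hi ranges
        return any(int(lo) <= port <= int(hi or lo)
                   for lo, _, hi in (v.partition("-") for v in vals))
    if kind == "src" and vals == ["0.0.0.0/0.0.0.0"]:
        return True  # the thread's "all" ACL matches every client
    raise ValueError(f"ACL type not modelled: {kind} {vals}")

def evaluate(conf, method, port):
    """Return 'allow' or 'deny' for a request to the given destination port."""
    acls, rules = parse(conf)
    for action, terms in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(acls, t.lstrip("!"), method, port) != t.startswith("!")
               for t in terms):
            return action  # the first matching line decides
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"
```

In this model a CONNECT to port 777 is allowed by both rule sets. A GET to port 25 is denied by the Safe_ports list but allowed by the Dangerous_ports list, which is the trade-off to weigh before replacing an allowlist with a denylist.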
