Re: [squid-users] SSL

From: Dave Raven <dave@dont-contact.us>
Date: Tue, 26 Feb 2002 22:49:09 +0200

Yes, while you are allowing the connect, it's not in your safe ports list:
acl Safe_ports port 80 21 280 443 488 563 591 70 210 777 1025-65535
http_access deny !Safe_ports

That will be stopping it.
Add 9100 to safe ports and it will work fine.

Dave Raven.
Opteq Sec.

----- Original Message -----
From: Theresa S. Klarr
To: squid-users@squid-cache.org
Sent: Tuesday, February 26, 2002 9:22 PM
Subject: [squid-users] SSL

I am having trouble getting access to the https://xxxxx.xxx:9100 on my
internal server. I put the 9100 port into the SSL_ports line, but I still
can't access it. I can see the following error in the log file:
1014748287.666 0 196.77.12.76 TCP_DENIED/403 1034 CONNECT mail-stp.smythco.com:9100 - NONE/- -
I obviously have something wrong with my conf file, but I can't figure out
what it is.
I have the following in my squid.conf file:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl cachemgr src 208.227.40.20
acl SSL_ports port 9100 9010 9443 443 563
acl Safe_ports port 80 21 280 443 488 563 591 70 210 777 1025-65535
acl CONNECT method CONNECT
acl permit_host src "/usr/local/squid/etc/permit_host"
acl permit_dest dstdomain "/usr/local/squid/etc/permit_dest"

http_access allow manager localhost
http_access allow manager cachemgr
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#Allow anyone to only the authorized dest
http_access allow permit_dest
#Allow the listed hosts to the whole internet
http_access allow permit_host
#deny access if not a permitted host and trying to go to unauthorized dest
http_access deny all

Any help would be greatly appreciated.

Thanks,
Theresa
Received on Tue Feb 26 2002 - 13:54:37 MST
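
An added example, not part of either message or of Squid itself: a small Python model of first-match http_access evaluation, loaded with the ACLs and rules quoted above, that reports which line decides the logged CONNECT request. The contents of permit_host and permit_dest are not shown in the thread, so they are parameters here and any values passed in are constructed; treating a CONNECT request's protocol as "none" is also an assumption.

```python
import ipaddress

def port_acl(spec):
    """Parse a 'port' ACL value list such as '80 443 1025-65535'."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return lambda r: any(lo <= r["port"] <= hi for lo, hi in ranges)

def src_acl(*nets):
    nets = [ipaddress.ip_network(n) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)

def dstdomain_acl(*domains):
    # A leading dot matches the domain itself and its subdomains.
    def match(r):
        h = r["host"].lower()
        return any(h == d.lstrip(".") or (d.startswith(".") and h.endswith(d))
                   for d in domains)
    return match

def build_acls(permit_host=(), permit_dest=()):
    # permit_host / permit_dest stand in for the two files the thread does not show.
    return {
        "all": lambda r: True,
        "manager": lambda r: r["proto"] == "cache_object",
        "localhost": src_acl("127.0.0.1/32"),
        "cachemgr": src_acl("208.227.40.20/32"),
        "SSL_ports": port_acl("9100 9010 9443 443 563"),
        "Safe_ports": port_acl("80 21 280 443 488 563 591 70 210 777 1025-65535"),
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "permit_host": src_acl(*permit_host),
        "permit_dest": dstdomain_acl(*permit_dest),
    }

# http_access lines in the order they appear in the posted squid.conf.
RULES = ["allow manager localhost", "allow manager cachemgr", "deny manager all",
         "deny !Safe_ports", "deny CONNECT !SSL_ports",
         "allow permit_dest", "allow permit_host", "deny all"]

# The request from the access.log line (protocol value is an assumption).
LOGGED = {"src": "196.77.12.76", "method": "CONNECT",
          "host": "mail-stp.smythco.com", "port": 9100, "proto": "none"}

def decide(req, acls):
    """Return (action, rule) for the first line whose ACLs all match (AND)."""
    for line in RULES:
        action, *names = line.split()
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line  # 'deny all' always matches, so this always returns
```

Calling decide(LOGGED, build_acls()) with both lists empty returns the final deny all line, and changing only the port to 8080 returns deny CONNECT !SSL_ports.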