Huang Yu Yin wrote:
>
> Hello Marc,
>
> Thanks for responding. My answers to your questions
> below :
>
> My squid is running on Solaris 8. I'm not using
> trasparent proxy. I'm using squid 2.4 stable 7.
>
> Seems I have a lot of problem with squid, despite
> reading up and checking on the squid user guide and
> FAQs. I've unsubscribed from squid-user mailing list
> bec it seems no one is interested in my problem, and
> most the times, I don't get my questions answered. So
> far, I've got only 1 answer, but the suggestion given
> doesn't solve my problems. Hope u can help me 1 last
> time. I'm now thinking of giving up squid. Here's what
> happen :
>
> For my testing, I tried to access :
> https://internet-banking.dbs.com.sg, after a long
> wait, the message "The page cannot be displayed
> appeared." When I looked at the cache.log, the URL
> entry did not even appear on the log. So I do not
> know why squid refused to go to https websites. If I
> go to any http websites, it appears to be fine. Also,
> my MAXCONN acl doesn't work. My users can have as
> many as 15-20 connections to the Internet, despite I
> have limit it to 5, sigh, I'm tired.
Make sure that no other firewall - perimeters are limiting
your SQUID box , from reaching https based websites .
E.g :
% telnet internet-banking.dbs.com.sg 443
issued from your SQUID box, should lead to an established
connection.
You may want to test this.
M.
>
> Part of my cache log below :
>
> 2002/11/21 15:03:59| aclMatchAclList: checking all
> 2002/11/21 15:03:59| aclMatchAcl: checking 'acl all
> src 0.0.0.0/0.0.0.0'
> 2002/11/21 15:03:59| aclMatchIp: '10.3.1.89' found
> 2002/11/21 15:03:59| aclMatchAclList: returning 1
> 2002/11/21 15:03:59| aclCheck: checking 'http_access
> deny BannedSites'
> 2002/11/21 15:03:59| aclMatchAclList: checking
> BannedSites
> 2002/11/21 15:03:59| aclMatchAcl: checking 'acl
> BannedSites url_regex -i
> "/usr/local/squid/etc/banned.txt"'
> 2002/11/21 15:03:59| aclMatchRegex: checking
> 'http://www.yahoo.com/'
> 2002/11/21 15:03:59| aclMatchRegex: looking for 'mp3'
> 2002/11/21 15:03:59| aclMatchRegex: looking for 'mpeg'
> 2002/11/21 15:03:59| aclMatchRegex: looking for
> 'movies'
> 2002/11/21 15:03:59| aclMatchRegex: checking
> 'http://cww.yahoo.com/'
> 2002/11/21 15:03:59| aclMatchRegex: looking for 'mp3'
> 2002/11/21 15:03:59| aclMatchRegex: looking for 'mpeg'
> 2002/11/21 15:03:59| aclMatchRegex: looking for
> 'movnes'
> 2002/11/21 15:03:59| aclMatchRegex: looking for
> 'music'
> 2002/11/21 15:03:59| aclCheck: checking 'http_access
> deny 5CONN NSBG'
> 2002/11/21 15:03:59| aclMatchAclList: checking 5CONN
> 2002/11/21 15:03:59| aclMatchAcl: checking 'acl 5CONN
> maxconn 5'
> 2002/11/21 15:03:59| aclMatchAclList: returning 0
> 2002/11/21 15:03:59| aclCheck: checking 'http_access
> allow NSBG'
> 2002/11/21 15:03:59| aclMatchAclList: checking NSBG
> 2002/11/21 15:03:59| aclMatchIp: '10.3.1.89' foundBG
> src 10.3.1.132/32 10.3.1.89
> 2002/11/21 15:03:59| aclMatchAclList: returning 1
> 2002/11/21 15:03:59| aclCheck: match found, returning
> 1
> 2002/11/21 15:03:59| aclCheckCallback: answer=1
> 2002/11/21 15:03:59| aclCheck: checking 'no_cache deny
> QUERY' ALLOWED, because i
> 2002/11/21 15:03:59| aclMatchAclList: checking QUERY
> 2002/11/21 15:03:59| aclMatchAcl: checking 'acl QUERY
> urlpath_regex cgi-bin \?'
> 2002/11/21 15:03:59| aclMatchRegex: checking '/'
> 2002/11/21 15:03:59| aclMatchRegex: looking for
> 'cgi-bin'
> 2002/11/21 15:03:59| aclMatchRegex: looking for '\?'
> 2002/11/21 15:03:59| aclMatchAclList: returning 0
> 2002/11/21 15:03:59| aclCheck: NO match found,
> returning 1
> 2002/11/21 15:03:59| aclCheckCallback: answer=1
>
> Sorry for being grumpy.
>
> --- Marc Elsen <marc.elsen@imec.be> wrote: >
> > Huang Yu Yin wrote:
> > >
> > > Hi,
> > > My squid is unable to go to HTTPS websites.
> > > I have already done the following :
> > > 1) ./configure --enable-ssl
> >
> > --enable-ssl is not related to this problem.
> > (Only needed when building an ssl based site
> > accelerator).
> >
> > >
> > > 2) Include the lines in Squid.Conf
> > > - acl Safe_ports port 443 563
> > > - acl CONNECT method CONNECT
> > > - http_access allow Safe_ports
> > >
> > > what else is missing ?
>
> > What is seen in cache.log ?
> > What error is returned in browser(s) ?
> >
> > Which squid version ?
> > On which os ?
> >
> > Are you using transp. proxying ?
> >
> > M.
> > > thanks.
>
> __________________________________________________
> Do You Yahoo!?
> Play for a chance to win a trip to Sydney!
> http://sg.mobile.yahoo.com
-- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)Received on Thu Nov 21 2002 - 10:15:47 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST