>>> and when a try to connect using transparent proxy, and
>>> error is shown in access.log:
>>> TCP_DENIED/403 1044 CONNECT 200.170.45.6:7773 - NONE/- -
>> Post your squid.conf (without blank lines or comments).
> Sorry my late response:
By default Squid only allows the CONNECT method to two well-known SSL
ports. This to prevent abuse of the proxy server via the connect
method. There are two ways to fix this:
1) Change this line
acl SSL_ports port 443 563
to
acl SSL_ports port 443 563 7773
2) Create an acl to match this site
acl some_site dst 200.170.45.6
http_access allow CONNECT some_site
Put the http_access line before this line in squid.conf
http_access deny CONNECT !SSL_ports
I would recommend #2. It is more work to setup, but it is more secure.
Adam
Received on Wed Sep 17 2003 - 13:33:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:55 MST