Mike Carpenter wrote:
> I have run into an issue where Squid is not allowing an SSL connection to
> be made to a diferent port than 443.
This is Squid's default behavior, for good reason. SSL is used through a
proxy via the CONNECT method, which (when allowed) opens an unmonitored and
unrestricted tunnel through the proxy to a remote server.
> Normally, when making a request to Squid, I am prompted for credentials
> (smb_auth helper) and then the web page is retrieved. This error is
> strange in that we can not access (for example) https://www.foo.org:17780.
The answer is before your eyes in your squid.conf:
> acl SSL_ports port 443 563
> acl Safe_ports port 443 563 # https, snews
[other Safe_ports lines snipped]
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
Add the port in question to SSL_ports and Safe_ports. Beware, though - this
will let anyone tunnel through your proxy to that port on any server.
Adam
Received on Wed May 05 2004 - 10:35:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT