On Mon, 16 Aug 2010 11:22:41 -0500, >p3dRø< <ip2trama_at_gmail.com> wrote:
> Hello,
>
> I've installed squid in transparent mode with proxy port: 3128
>
What do you mean by "transparent"? that affects how you do things. A lot.
> I have problems, my client can not connect to page:
> ww4.essalud.gob.pe:7779/acredita
>
> When I connect to that page without the squid, it's all ok. So the
> problem is the Proxy.
It seems that you don't mean transparent interception. Unless your
firewall config was intercepting ports other than 80.
> In /etc/squid/squid.conf is configured:
> acl Safe_ports port 7779
> http_access deny CONNECT !Safe_ports
broken config right there.
correct config is two separate lines:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
Specifically;
* block ALL access to unsafe ports (mail servers etc).
and
* block binary CONNECT tunnels to non- SSL-encrypted ports.
>
> The log send TCP_MISS/503 error:
> TCP_MISS/503 0 CONNECT essalud.gob.pe:7779
>
> What do you recommend to me to do ?
CONNECT method is not permitted direct to origin servers. That request was
intended for a proxy. So what you meant by "transparent" is very important.
Amos
Received on Mon Aug 16 2010 - 23:42:36 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 18 2010 - 12:00:03 MDT