Re: [squid-users] TCP_DENIED/403

From: Mike Muir <mmuir_at_uniqueltd.com>
Date: Tue, 16 Oct 2012 17:49:53 -0300

My acl section and http_access:

acl manager proto cache_object COAP
acl localhost src 127.0.0.1/32 ::1
acl Whitelist dstdomain "/etc/squid/whitelist_sites"
acl ncsa_users proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
acl all src all

# cachemgr access
http_access allow manager localhost
http_access deny manager
# http_access Section
http_access allow ncsa_users Whitelist
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access deny all

Squid version: 2.7
Port: 443
Browser: Chrome
Site: gmail.com (although it's denying all https requests)

On Tue, Oct 16, 2012 at 5:41 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> On 10/16/2012 9:41 PM, Mike Muir wrote:
>>
>> Hello,
>>
>> I'm getting a TCP DENIED/403 in the access log when trying to access
>> all HTTPS sites via web browser. The browser displays: Error 111
>> (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
>>
>> I've included the following in my squid.conf (I'm using Squid 2.7)
>> which to my understanding should allow traffic on 443:
>>
>> acl SSL_ports port 443
>> acl CONNECT method CONNECT
>>
>> http_access deny CONNECT !SSL_ports
>>
>> I'll provide more info if necessary, but has anyone experienced this
>> problem before? Any help would be appreciated.
>>
>> Regards
>>
> what version of squid?
> what are the allow (not deny) acls?
> what ports?
> what browser?
> what site?
>
> Regards,
> Eliezer
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il

-- 
Mike Muir Jr IT Administrator
v: 902.492.0100 ext.131
f: 902.492.0078
www.me-ality.com
| 420 Lexington Ave., Suite 1701, New York, NY 10170-1704
| 133 Troop Ave., Dartmouth, NS, B3B 2A7
Received on Tue Oct 16 2012 - 20:50:03 MDT
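
The http_access lines from the message above, evaluated in order for an HTTPS CONNECT (an added example, not part of the original message). Squid applies the first http_access line whose ACLs all match, so with Safe_ports defined as port 80 only, a CONNECT to port 443 that the `ncsa_users Whitelist` line does not allow falls through to `deny !Safe_ports`. The whitelist entries, client address and function names are constructed; the contents of /etc/squid/whitelist_sites are not shown in the thread.

```python
# Added illustration: first-match evaluation of the http_access rules posted above.
# WHITELIST stands in for /etc/squid/whitelist_sites (contents not shown in the
# thread); these entries are constructed.
WHITELIST = [".example.com", "gmail.com"]

def dstdomain(host, entries):
    """Squid dstdomain: a leading dot matches the domain and its subdomains,
    an entry without a leading dot matches that exact host name only."""
    host = host.lower().rstrip(".")
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in entries)

def acls(req):
    """Truth value of each named ACL from the posted config for one request."""
    return {
        "manager": req["proto"] == "cache_object",
        "localhost": req["src"] in ("127.0.0.1", "::1"),
        "Whitelist": dstdomain(req["host"], WHITELIST),
        "ncsa_users": True,  # assumption: the request carries valid proxy credentials
        "SSL_ports": req["port"] == 443,
        "Safe_ports": req["port"] == 80,
        "CONNECT": req["method"] == "CONNECT",
        "all": True,
    }

# The http_access lines, in the order they were posted.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("allow", ["ncsa_users", "Whitelist"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["all"]),
]

def evaluate(req):
    """Return (action, rule text) for the first rule whose ACLs all match."""
    truth = acls(req)
    for action, names in RULES:
        if all(not truth[n[1:]] if n.startswith("!") else truth[n] for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    raise AssertionError("unreachable: 'deny all' always matches")

def connect(host):
    """A constructed browser CONNECT to host:443 from a documentation address."""
    return {"proto": "http", "src": "192.0.2.10", "host": host,
            "port": 443, "method": "CONNECT"}
```

Calling `evaluate(connect("mail.google.com"))` with this constructed whitelist returns the `deny !Safe_ports` line, while `evaluate(connect("gmail.com"))` is allowed by the whitelist line.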
