Re: [squid-users] CONNECT acl protocol

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 08 May 2013 02:54:28 +1200

On 8/05/2013 1:31 a.m., China wrote:
> Hi,
> I have some squid servers (up to version 3.1.20) which have the following
> configuration and work great:
>
> acl allowed_protocols proto HTTP HTTPS CONNECT FTP
> http_access deny !allowed_protocols
>
> After the upgrade to version 3.3.3, squid prints the following warning
> in the configuration check:
>
> WARNING: Ignoring unknown protocol 'CONNECT' in the ACL named
> 'allowed_protocols'

Squid does not at this time support URLs starting with "connect://". That
is all this means. The older versions accepted it, but did nothing with
it. So it would seem to be unrelated to the actual problem you are now
having.

> and squid clients can no longer connect to HTTPS sites.

There is a CONNECT *method* in the HTTP protocol, which is used to pass
HTTPS traffic through HTTP proxies.

Please check your http_access lines to see what they do when an HTTP
request with method CONNECT happens. The default config provided with
Squid restricts CONNECT requests to opening tunnels to a specific set of
SSL_Ports where HTTPS is normally seen - if you have altered that set or
changed the http_access lines those changes may be the cause of your
problem.

>
> How can I check the protocols like configuration in old versions?

Please run "squid -k parse" on your squid.conf file. It should highlight
any other problems you have in the config.

Amos
Received on Tue May 07 2013 - 14:54:41 MDT
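
An added example, not part of the original thread: a small Python check that separates the two things the reply distinguishes, values in a `proto` ACL versus the CONNECT request method restricted by port. The sample configuration is constructed from the two lines quoted above plus the CONNECT/SSL_ports rules found in Squid's default squid.conf; the function names are illustrative, and the parser is simplified (it treats every `#` as the start of a comment).

```python
# HTTP request methods: these are matched with "acl <name> method", not "proto".
HTTP_METHODS = {"CONNECT", "GET", "POST", "PUT", "HEAD", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample: the poster's two lines plus default-style CONNECT rules.
SAMPLE_CONF = """\
acl SSL_ports port 443
acl CONNECT method CONNECT
acl allowed_protocols proto HTTP HTTPS CONNECT FTP
http_access deny !allowed_protocols
http_access deny CONNECT !SSL_ports
"""

def parse(conf):
    """Return (acls, rules): acls maps name -> (type, values); rules is [(action, terms)]."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            # An ACL name may be declared on several lines; values accumulate.
            _, values = acls.setdefault(tok[1], (tok[2], []))
            values.extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def misplaced_methods(acls):
    """Request-method names listed in proto ACLs, as {acl_name: [tokens]}."""
    out = {}
    for name, (kind, values) in acls.items():
        bad = [v for v in values if kind == "proto" and v.upper() in HTTP_METHODS]
        if bad:
            out[name] = bad
    return out

def connect_port_rules(acls, rules):
    """http_access deny lines pairing a method-CONNECT ACL with a negated port ACL."""
    hits = []
    for action, terms in rules:
        has_connect = any(t in acls and acls[t][0] == "method"
                          and "CONNECT" in acls[t][1] for t in terms)
        has_not_port = any(t.startswith("!") and acls.get(t[1:], ("",))[0] == "port"
                           for t in terms)
        if action == "deny" and has_connect and has_not_port:
            hits.append("http_access deny " + " ".join(terms))
    return hits

if __name__ == "__main__":
    acls, rules = parse(SAMPLE_CONF)
    for name, toks in misplaced_methods(acls).items():
        print(f"{name}: {toks} are request methods; match them with 'acl <name> method'")
    print("CONNECT port restrictions:", connect_port_rules(acls, rules) or "none found")
```

The check only reads the file; `squid -k parse`, as recommended in the reply, remains the authoritative validation of the configuration.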
