
Client not able to view secure sites (https) when browsing thru squid

Last Modified: 2013-12-06
Hi,
I am using Red Hat Enterprise Linux ES release 3 (Taroon) and squid version STABLE2.5. The configuration is attached herewith.
My requirement is to block all sites and to allow only 3 sites, which are secure sites (https). Where do I need to change the settings in the current configuration?



http_port 11011
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16  MB
maximum_object_size_in_memory 100 KB
request_body_max_size 100 KB
reply_body_max_size 0
 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 9998 8080   # http
acl Safe_ports port 20 21       # ftp
acl Safe_ports port 443 563 8443            # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 4650        # custom port
acl Safe_ports port 25 110      # pop3 port
acl Safe_ports port 201         # Unknown Port
acl CONNECT method CONNECT
acl intrallow url_regex "/etc/squid/intrallow"
visible_hostname proxy2
 
http_access allow intrallow
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
 
httpd_accel_host virtual
httpd_accel_port 80
 
httpd_accel_with_proxy on
memory_pools off
Author

Commented:
also for
acl intrallow url_regex "/etc/squid/intrallow"

I have added the sites to the "intrallow" file, e.g. http://expert-exchange.com, http://icicibank.com.

For example, if I click on http://icicibank.com, the first page comes up; when I click on Personal login (which takes me to the secure site) it says "Access denied, The acl is restricting you to view these sites".
(Note: The website has no problem, as it is working from my notebook, connected through DSL directly.)
What is the client (browser) you are using?
Is "use proxy server for all protocols" selected?
Top Expert 2008

Commented:
The problem is that when you click on "Login" on the bank site, it redirects you to:

https://infinity.icicibank.co.in

You'll have to add this site to your intrallow list and the login will work.

Author

Commented:
http://wiki.squid-cache.org/SquidFaq/AboutSquid?highlight=(HTTPS)#head-593dae4b6b740816917a6cc2ce5854d3d43624ee
I tried the option; still not opening.

what is the client (browser u r using)
IE 7

whether the " use proxy server for all protocol" selected.
Yes , Use the proxy server for all protocols
The problem is that when you click on "Login" on the bank site, it redirects you to:
https://infinity.icicibank.co.in
 The same has been already added.
Gabriel Orozco, Solution Architect

Commented:
what if you allow connect?

# Deny CONNECT to other than Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow CONNECT Safe_ports

at line 30 in your config
Gabriel Orozco, Solution Architect

Commented:
any news?
Gabriel Orozco, Solution Architect

Commented:
I noticed they wanted to connect to SSL but did not allow connection to port 443 (SSL)

That was the problem as far as I can see.
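
An added configuration example, not part of any post in this thread: for an HTTPS site the browser sends Squid a CONNECT request that carries only host:port (for example infinity.icicibank.co.in:443), so url_regex entries written as http://... or https://... never match the tunnel, while a dstdomain ACL matches both the plain and the tunnelled request. The fragment also keeps CONNECT on port 443 only, because Safe_ports in the posted config covers 25, 110 and 1025-65535. The ACL names SSL_ports and allowed_sites are chosen here, and the domains are the ones named in the posts.

```conf
# Added example (not from the thread). SSL_ports and allowed_sites are
# ACL names chosen for this example; the domains come from the posts above.

# --- Too broad: with the posted Safe_ports list this permits CONNECT
# --- tunnels to any host on ports 25, 110, 1025-65535 and the rest.
# http_access deny CONNECT !Safe_ports
# http_access allow CONNECT Safe_ports

# --- Tighter: tunnels only to port 443, and only to the listed domains.
acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT
acl SSL_ports port 443

# A leading dot matches the domain itself and every host below it,
# for plain HTTP requests and for CONNECT host:port requests alike.
acl allowed_sites dstdomain .icicibank.com .icicibank.co.in .expert-exchange.com

# Order matters: http_access rules are evaluated top down, first match wins.
http_access deny CONNECT !SSL_ports
http_access allow allowed_sites
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors, and `squid -k reconfigure` makes the running proxy reload it.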

Author

Commented:
Hi ,
As said, I had added the http_access to the ports. Now it is working fine. But when browsing through the proxy from the client it is damn slow.
My Internet link is 2 Mbps. It opens very slowly, as if browsing through a 56k modem.
