Spice_Telecom

Client not able to view secure sites (https) when browsing thru squid

Hi,
I am using Red Hat Enterprise Linux ES release 3 (Taroon) and squid version STABLE2.5. The configuration is attached herewith.
My requirement is to block all sites and to allow only 3 sites, which are secure sites (https). Where do I need to change the settings in the current configuration?



http_port 11011
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16  MB
maximum_object_size_in_memory 100 KB
request_body_max_size 100 KB
reply_body_max_size 0
 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 9998 8080   # http
acl Safe_ports port 20 21       # ftp
acl Safe_ports port 443 563 8443            # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 4650        # custom port
acl Safe_ports port 25 110      # pop3 port
acl Safe_ports port 201         # Unknown Port
acl CONNECT method CONNECT
acl intrallow url_regex "/etc/squid/intrallow"
visible_hostname proxy2
 
http_access allow intrallow
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
 
httpd_accel_host virtual
httpd_accel_port 80
 
httpd_accel_with_proxy on
memory_pools off
Last Comment
Gabriel Orozco

8/22/2022 - Mon
Spice_Telecom

ASKER
Also, for
acl intrallow url_regex "/etc/squid/intrallow"

I have added the sites to the "intrallow" file, e.g. http://expert-exchange.com, http://icicibank.com.

For example, if I click on http://icicibank.com, the first page comes up; when I click on Personal login (which takes me to the secure site) it says "Access denied, The acl is restricting you to view these sites."
(Note: The website has no problem, as it is working from my notebook, connected through DSL directly.)
d-it-lx

arulkumarabi

What is the client (the browser you are using)?
 whether
arulkumarabi

Is "use proxy server for all protocol" selected?
firefox.JPG
agriesser

The problem is that when you click on "Login" on the bank site, it redirects you to:

https://infinity.icicibank.co.in

You'll have to add this site to your intrallow list and the login will work.
Spice_Telecom

ASKER
http://wiki.squid-cache.org/SquidFaq/AboutSquid?highlight=(HTTPS)#head-593dae4b6b740816917a6cc2ce5854d3d43624ee
I tried the option; it is still not opening.

what is the client (browser u r using)
IE 7

whether the " use proxy server for all protocol" selected.
Yes, use the proxy server for all protocols.
The problem is that when you click on "Login" on the bank site, it redirects you to:
https://infinity.icicibank.co.in
The same has been already added.
Gabriel Orozco

what if you allow connect?

# Deny CONNECT to other than Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow CONNECT Safe_ports

at line 30 in your config
Gabriel Orozco

any news?
Gabriel Orozco

I noticed they wanted to connect to SSL but did not allow connection to port 443 (SSL)

That was the problem as far as I can see.
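
An added example, not part of the thread and not any participant's configuration: a squid.conf fragment for the asker's stated goal (allow only a few HTTPS sites), matching on destination host and limiting CONNECT tunnels to port 443. The ACL names SSL_ports and allowed_sites are assumptions chosen here; the domains are the ones mentioned in the thread.

```conf
# squid.conf fragment (added example). ACL names SSL_ports and
# allowed_sites are chosen for this example; the domains are the
# ones named in this thread.

acl all src 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT

# Ports a CONNECT tunnel may reach. Keep this separate from Safe_ports:
# the posted Safe_ports list includes 25, 110 and 1025-65535, so
# "http_access allow CONNECT Safe_ports" would permit tunnels to any
# host on those ports, not only to the permitted sites.
acl SSL_ports port 443

# Match on destination host, not on URL text. For a CONNECT request the
# proxy sees only "host:port" (for example infinity.icicibank.co.in:443),
# so a url_regex entry beginning with http:// or https:// cannot match it.
# A leading dot matches the domain itself and all of its subdomains.
acl allowed_sites dstdomain .icicibank.com .icicibank.co.in .expert-exchange.com

# http_access rules are checked top to bottom and the first match wins.
# 1. Refuse tunnels to anything other than port 443.
http_access deny CONNECT !SSL_ports
# 2. Permit plain HTTP requests and port-443 tunnels to the listed hosts.
http_access allow allowed_sites
# 3. Refuse everything else explicitly.
http_access deny all
```

These lines would take the place of the single "http_access allow intrallow" rule in the posted configuration; run "squid -k parse" to check the syntax before reloading.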
Spice_Telecom

ASKER
Hi ,
As said, I added the httpaccess to the ports. Now it is working fine. But when browsing through the proxy from the client, it is damn slow.
My Internet link is 2 Mbps. It is opening very slowly, as if browsing thru a 56k modem.

ASKER CERTIFIED SOLUTION
Gabriel Orozco
