We help IT Professionals succeed at work.

Client not able to view secure sites (https) when browsing thru squid

Last Modified: 2013-12-06
I am using. Red Hat Enterprise Linux ES release 3 (Taroon) & squid version STABLE2.5. The configuration is herewith attached.  
My requirement is to block all sites and to allow only 3 sites , which are secure sites (https). With the current configuration where i need to change the setting.

http_port 11011
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16  MB
maximum_object_size_in_memory 100 KB
request_body_max_size 100 KB
reply_body_max_size 0
acl all src
acl manager proto cache_object
acl localhost src
acl Safe_ports port 80 9998 8080   # http
acl Safe_ports port 20 21       # ftp
acl Safe_ports port 443 563 8443            # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 4650        # custom port
acl Safe_ports port 25 110      # pop3 port
acl Safe_ports port 201         # Unknown Port
acl intrallow url_regex "/etc/squid/intrallow"
visible_hostname proxy2
http_access allow intrallow
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
memory_pools off

Open in new window

Watch Question


also for
acl intrallow url_regex "/etc/squid/intrallow"

I have added the sites on "intrallow" file eg: http://expert-exchange.com, http://icicibank.com".

For example if i click in http://icicibank.com , the first page comes up, when i click on Personal login ( Which takes to secure site) it says "Access denied, The acl is restricting you to view these sites.
(Note: The website has no problem as it is working from my Notebook, connect thru DSL directly)
what is the client (browser u r using)
whether the " use proxy server for all protocol" selected.
Top Expert 2008

The problem is that when you click on "Login" on the bank site, it redirects you to:


You'll have to add this site to your intrallow list and the login will work.


I tried the optin still not opening

what is the client (browser u r using)
IE 7

whether the " use proxy server for all protocol" selected.
Yes , Use the proxy server for all protocols
The problem is that when you click on "Login" on the bank site, it redirects you to:
 The same has been already added.
Gabriel OrozcoSolution Architect

what if you allow connect?

# Deny CONNECT to other than Safe_ports
http_access deny CONNECT !Safe_ports
http_access allow CONNECT Safe_ports

at line 30 in your config
Gabriel OrozcoSolution Architect

any news?
Gabriel OrozcoSolution Architect

I noticed they wanted to connect to SSL but did not allow connection to port 443 (SSL)

That was the problem as far as I can see.


Hi ,
As said i had added the httpaccess to the ports. Now it is working fine. But when browsing the proxy from the clint it is damn slow.
My Internet link is 2 Mbps. It is opening very slow as if browsing thru 56 k modem.

Solution Architect
This one is on us!
(Get your first solution completely free - no credit card required)

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.