Squid proxy - https and ftp not working

Posted on 2009-04-30
Last Modified: 2013-12-06

I have set up a Squid3 proxy on a Debian 5 server. It all works fine, except I can't get HTTPS and FTP to work through it. I have searched and I have tried a few suggestions/solutions but I am getting nowhere.

I have tried adding the following lines to squid.conf:
acl FTP proto FTP
always_direct allow FTP
acl HTTPS proto HTTPS
always_direct allow HTTPS

But it doesn't work. I also added the following line:
https_port 443

It then gives me a cannot find SSL certificate error and it still doesn't work.

Below is my current squid.conf. Does anyone have any suggestions on how to get HTTPS and FTP working for my Squid?
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl purge method PURGE

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl localnet src
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
htcp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache_dir ufs /var/spool/squid 48332 64 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080 override-expire
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
cache_effective_user squid
icp_port 3130
coredump_dir /usr/local/squid/var/cache
cache_effective_group squid
cache_mem 1434 MB
maximum_object_size 30 MB


Question by:Rigged
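
An added check, not part of the original thread and not the poster's or Squid's own code: the posted squid.conf uses `allow` on `!Safe_ports` and `CONNECT !SSL_ports`, where Squid's stock configuration uses `deny` for both. The Python below flags that pattern; the config excerpt is constructed from the posted rules, and the names `parse_rules`, `audit`, `POSTED` and `HARDENED` are assumptions made for illustration.

```python
import re

# Constructed excerpt: the http_access order from the posted squid.conf,
# with the Safe_ports ACL condensed to one line.
POSTED = """\
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
"""

# Same excerpt with the two port guards written as deny rules.
HARDENED = (POSTED
            .replace("allow !Safe_ports", "deny !Safe_ports")
            .replace("allow CONNECT !SSL_ports", "deny CONNECT !SSL_ports"))

GUARDS = ("!SSL_ports", "!Safe_ports")  # negated port ACLs that should only be denied


def parse_rules(conf):
    """Return (line_no, action, terms) for every http_access line."""
    rules = []
    for no, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*http_access\s+(allow|deny)\s+([^#]+)", line)
        if m:
            rules.append((no, m.group(1), m.group(2).split()))
    return rules


def audit(conf):
    """Return sorted (line_no, message) findings; line 0 means a rule is missing."""
    rules = parse_rules(conf)
    findings = []
    for guard in GUARDS:
        allows = [no for no, act, terms in rules if act == "allow" and guard in terms]
        denies = [no for no, act, terms in rules if act == "deny" and guard in terms]
        findings += [(no, f"allow on {guard} permits ports outside the ACL") for no in allows]
        if not denies:
            findings.append((0, f"no http_access deny rule uses {guard}"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in audit(POSTED):
        print(f"line {no}: {msg}")
    print("hardened findings:", audit(HARDENED))
```
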
    LVL 1

    Accepted Solution

    Looks like I will have to give myself the points for this one :P

    I found that my problem wasn't anything to do with the Squid configuration as such and was actually iptables on the Squid/Debian server.

    I found a proxy/iptables script on (a very nice and simple squid setup How To) edited it to suit my network and setup and ran the script. After I ran the script I ensured that the rules were saved and bingo, FTP and HTTPS were working.
    LVL 32

    Expert Comment

    by:Kamran Arshad

    Is your squid implemented as a transparent proxy?
    LVL 1

    Author Comment

    Hey. Yeah, it is a transparent proxy.

    http_port 3128 transparent
