Squid stops when it founds a match from an access list.
In your case "http_access deny !Safe_ports" is the first access list to
check and this is why you cannot see https localy.
It is a very generic acl and it blocks your access.
You basically say to the system "deny everything but safe ports" . When your
request goes through the proxy it matches this first acl and exits with the
message you see.
You need to rearrange you acls in a way that are not so generic.
Why define all these safe ports and not define only dangerous ports? This
way you could just say
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563 777
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny Dangerous_ports
http_access deny CONNECT !SSL_ports
http_access allow all
Panagiotis S. Malakoudis
Systems Administrator
SPACE HELLAS S.A.
----- Original Message -----
From: "Richard van Denzel" <richardd@interaccess.nl>
To: <squid-users@ircache.net>; "Paul Gomersbach" <paulg@interaccess.nl>
Sent: Tuesday, December 21, 1999 1:54 PM
Subject: HTTPS Problem/Question
> Hi All,
>
> I've got a strange problem with https. Our firewall is web-capable by
> using:
> https://gw:777.
> When I access https pages on the Internet, there are no problems. But
> internal Netscape (4.7) responds with an error receiving data
> (connection refused). When I bypass the squid proxy (using direct
> connection) it works, or even when using our old Netscape 3.5 Proxy
> Server it works.
>
> The following lines are from squid.conf (2.2S5):
>
> acl SSL_ports port 443 563 777
> acl Safe_ports port 80 21 443 563 777 70 210 1025-65535
> acl CONNECT method CONNECT
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> Can anyone tell me what I'm doing wrong?
>
> Thanx,
>
> Richard.
Received on Fri Dec 24 1999 - 01:19:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:06 MST