[squid-users] Re: Getting squid 3.4.stable3 working with https://

From: Rainer Hantsch <rainer@dont-contact.us>
Date: Tue, 16 Dec 2003 07:20:58 +0100 (CET)

Hi, and thanks that you answered my SOS call. ;-)

Because I am an absolute newbe to squid, I feel totally overtaxed with this 48
pages long configuration file squid.conf.

A big please:
-------------
Could you - please - leave me a modified one by eMail so that I can compare it
with the old one line by line?

What I need can be said in one sentence: All clients shall have no access
problems to usual Internet web-services when PROXY is configured for http,
https and ftp.

If squid acts as cache or as a simple forwarder does not matter, but it should
keep an updated log of all accessed files to allow analyzing which user
downloaded which file(s), because WEB is a security hole (user could download
executables/worms and bring in a virus hereby).
Is there an easy possibility to block downloading of *.vbs/*.exe/... ?

Your help will...
a.) lead to an immediately working solution, and ...
b.) give me the possibility to understand it better

Thanks a lot in advance. My email address is: rainer@hantsch.co.at

Again, thanks for your first answer.

On Mon, 15 Dec 2003, Muthukumar wrote:
| > web server here: --> http://www.hantsch.co.at/_temp/av-squid.conf
| >
| >
| >>>>>>>>>>>>
|
| I think the problem is on these lines as
|
| http_access allow manager localhost
| http_access deny manager
| ..
| ...
| #Allow ICP queries from eveyone
| icp_access allow all
| >>>>
| http_access deny manager
| After allowing the local hosts,It will block the cached object using the
| HTTPS ports while accessing the page.
| So access is denied.So the cache permission for the Safe_ports are denied.So
| the pages using the Safe_ports(443-https) will not be cached.
| The access is not denied to them.
|
| Check this changed one,
| no_cache deny Safe_ports
| http_access allow manager localhost
| http_access deny !Safe_ports
| http_access deny CONNECT !SSL_ports
| http_access deny all
| icp_access allow all
|
| It will work.
|
| Regards,
| Muthukumar.
|

mfg

  Ing. Rainer Hantsch
Received on Mon Dec 15 2003 - 23:24:05 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:13 MST