Re: HTTPS Problem/Question

From: Panagiotis Malakoudis <pmal@dont-contact.us>
Date: Mon, 27 Dec 1999 12:18:20 +0200

How about sending us the access list and http access part again (the new one,
that is)?

Panagiotis S. Malakoudis

Systems Administrator
SPACE HELLAS S.A.
----- Original Message -----
From: "Richard van Denzel" <richardd@interaccess.nl>
To: "Panagiotis Malakoudis" <pmal@space.gr>
Cc: <squid-users@ircache.net>
Sent: Friday, December 24, 1999 3:36 PM
Subject: Re: HTTPS Problem/Question

> Nope, that didn't work.
>
> Panagiotis Malakoudis wrote:
>
> > Squid stops when it finds a match from an access list.
> > In your case "http_access deny !Safe_ports" is the first access list to
> > check and this is why you cannot see https locally.
> > It is a very generic acl and it blocks your access.
> > You basically say to the system "deny everything but safe ports". When your
> > request goes through the proxy it matches this first acl and exits with the
> > message you see.
> > You need to rearrange your acls in a way that are not so generic.
> > Why define all these safe ports and not define only dangerous ports? This
> > way you could just say
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl SSL_ports port 443 563 777
> > acl Dangerous_ports port 7 9 19
> > acl CONNECT method CONNECT
> >
> > http_access deny Dangerous_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow all
> >
> > Panagiotis S. Malakoudis
> >
> > Systems Administrator
> > SPACE HELLAS S.A.
> >
> > ----- Original Message -----
> > From: "Richard van Denzel" <richardd@interaccess.nl>
> > To: <squid-users@ircache.net>; "Paul Gomersbach" <paulg@interaccess.nl>
> > Sent: Tuesday, December 21, 1999 1:54 PM
> > Subject: HTTPS Problem/Question
> >
> > > Hi All,
> > >
> > > I've got a strange problem with https. Our firewall is web-capable by
> > > using:
> > > https://gw:777.
> > > When I access https pages on the Internet, there are no problems. But
> > > internal Netscape (4.7) responds with an error receiving data
> > > (connection refused). When I bypass the squid proxy (using direct
> > > connection) it works, or even when using our old Netscape 3.5 Proxy
> > > Server it works.
> > >
> > > The following lines are from squid.conf (2.2S5):
> > >
> > > acl SSL_ports port 443 563 777
> > > acl Safe_ports port 80 21 443 563 777 70 210 1025-65535
> > > acl CONNECT method CONNECT
> > >
> > > http_access deny !Safe_ports
> > > http_access deny CONNECT !SSL_ports
> > >
> > > Can anyone tell me what I'm doing wrong?
> > >
> > > Thanx,
> > >
> > > Richard.
>
>
Received on Mon Dec 27 1999 - 03:41:48 MST
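
The first-match evaluation discussed in this thread, as an added example that is not part of any poster's message: a small Python model of http_access processing run over both rule sets quoted above. The request tuples are constructed, only the quoted excerpt lines are modelled (the rest of either squid.conf is not on the page), and the no-match default follows Squid's documented rule that the opposite of the last line's action applies.

```python
# Added example: first-match http_access evaluation for the two quoted rule sets.
from collections import namedtuple

Request = namedtuple("Request", "method port")  # constructed stand-in for a proxy request

def port_acl(spec):
    """Build a matcher from a Squid-style port list such as '80 21 1025-65535'."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return lambda req: any(lo <= req.port <= hi for lo, hi in ranges)

ACLS = {  # acl definitions copied from the two quoted messages
    "all": lambda req: True,
    "SSL_ports": port_acl("443 563 777"),
    "Safe_ports": port_acl("80 21 443 563 777 70 210 1025-65535"),
    "Dangerous_ports": port_acl("7 9 19"),
    "CONNECT": lambda req: req.method == "CONNECT",
}
ORIGINAL = ["deny !Safe_ports", "deny CONNECT !SSL_ports"]
SUGGESTED = ["deny Dangerous_ports", "deny CONNECT !SSL_ports", "allow all"]

def evaluate(rules, req):
    """Return (action, deciding_line) for a non-empty http_access list.

    A line matches only if every ACL on it matches ('!' negates); the first
    matching line decides. With no match, the opposite of the last line applies.
    """
    for rule in rules:
        action, *names = rule.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    last_action = rules[-1].split()[0]
    return ("allow" if last_action == "deny" else "deny"), None

def decisions(requests):
    """Map each request to its outcome under both rule sets."""
    return {r: (evaluate(ORIGINAL, r), evaluate(SUGGESTED, r)) for r in requests}

if __name__ == "__main__":
    sample = [Request("CONNECT", 777), Request("CONNECT", 8443),
              Request("GET", 25), Request("GET", 19)]  # constructed requests
    for req, (orig, sugg) in decisions(sample).items():
        print(req, "original:", orig, "suggested:", sugg)
```

In this model a CONNECT to port 777 matches neither deny line of the original excerpt, and a plain GET to port 25 is denied by the Safe_ports list but allowed by the Dangerous_ports list.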

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:06 MST