On 20/03/2013 12:36 a.m., Jannis Kafkoulas wrote:
> Hi,
>
> I'm using squid 2.7 on RHEL 5.6 and I have following issue:
>
> I want to restrict a client to accessing a specific https site
> and herein only a specific root path (and sub directories).
>
> So I tried this:
> acl restr_client src 10.1.1.100/32
> acl restr_dom dstdomain www.example.com
> acl xyz urlpath_regex -i ^/xyz/
>
> http_access deny restr_client !restr_dom
> http_access deny restr_client !xyz
> .
> .
> .
>
> The problem is that (as I can see in the access.log) it's
> being allowed to connect directly only if I use http but
> as soon as I'm using https the request is being blocked
> and I can't see anything in the access.log.
>
> Even if I use url_regex -i ^https://www.example.com
> instead of dstdomain it doesn't work.
>
> Any hints?
HTTP passes through Squid in the form of a CONNECT tunnel setup request,
followed by encrypted bytes. Other than the hostname and port the client
is contacting nothing is visible to Squid.
Amos
Received on Tue Mar 19 2013 - 14:55:54 MDT
This archive was generated by hypermail 2.2.0 : Thu Mar 21 2013 - 12:00:04 MDT