hi everybody, there really isn't any good tutorial out there for this subject (i'm trying to make one: http://norgesinternettforum.no/showpost.php?p=2652&postcount=2) so i'm asking here as a last resort. here's my setup: internet (where my users will come from) intranet (our local network) i have a weblogic server 8.1 (wl81machine) in our intranet running a ssl/https site (we're testing out verisign ssl). i also have installed squid 2.6 STABLE4 (with --enable-ssl) on debian 3 (deb3machine) squid is acting as a reverse proxy to wl81machine, basically just sending requests back and forth, no caching or anything, on port 8080. when i try to access wl81machine from the internet i get an access denied error and it shows the ip address to wl81machine without the port: " while trying to retrieve the url: https://192.168.0.150 the following error was encountered: access denied ... " i know this is got to be something wrong with my squid.conf: #-----START--------- https_port 8080 cert=/usr/local/squid/etc/key.crt key=/usr/local/squid/etc/key.key defaultsite=192.168.0.150 sslproxy_flags DONT_VERIFY_PEER hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all icp_access allow all cache_effective_user squid cache_effective_group squid #-----END--------- i don't need any http access only https, so do i need those lines. there are a couple of pages in google referring to https_access, but they've got to be wrong because i can't find anything about https_access anywhere in the documentation. any ideas as to what i'm missing, doing wrong? thanks in advance, Nick
