Hi Martin,

Squid is a little awkward: the URL returned by squidguard must have the same protocol as the original URL. So for a URL with HTTPS protocol, squidguard must return a URL that uses the HTTPS protocol.

This is really not nice but the workaround is to use a 302 redirection:

    redirect 302:http://www.internal-server.com/blocked.html

-Marcus

martin perner wrote:
Hi,

I'm running a squid 2.7.STABLE3 on a SLES10 as a normal proxy. For content-filtering we are using squidguard, which redirects a user to a special page if he hits a blocked page.

If the redirect goes to an http page everything works as expected. But if the redirect goes to an https page, the user gets an error page saying that the connection failed and the system returned '(71) Protocol error'. In the cache.log an error is printed (attached). A deny_info to the https page works without any problem.

When I'm adding 'sslproxy_flags DONT_VERIFY_PEER' to the squid.conf the error disappears.

The question is now: is the sslproxy_flags method opening any holes in the setup, or is there another way of solving this problem?

Thanks in advance

part of the cache.log (cut the detail about the certificate):

2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection on FD 48: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection on FD 48: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection on FD 48: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
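
An added example, not part of the original thread: a small parser for the cache.log lines quoted above that pairs each certificate error with the failed handshake and decodes the verify code. Code 20 is OpenSSL's "unable to get local issuer certificate", that is, Squid could not chain the redirect target's certificate to a CA it trusts, which is the check that DONT_VERIFY_PEER switches off. The function names and the code-to-message table are this example's own.

```python
import re
from collections import Counter

# Subset of OpenSSL X509_V_ERR_* verify codes and their standard messages.
X509_VERIFY_ERRORS = {
    10: "certificate has expired",
    18: "self-signed certificate",
    19: "self-signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

CERT_RE = re.compile(r"^(\S+ \S+)\| SSL unknown certificate error (\d+) in ")
NEG_RE = re.compile(
    r"^(\S+ \S+)\| fwdNegotiateSSL: Error negotiating SSL connection on FD (\d+): "
    r"error:([0-9A-Fa-f]+):[^:]*:[^:]*:(.+?) \("
)

# Lines copied from the cache.log excerpt in the post ("(cert)" is the poster's elision).
SAMPLE_LOG = """\
2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert)
2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection on FD 48: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
""" * 3

def parse_failures(lines):
    """Pair each certificate-error line with the fwdNegotiateSSL line after it."""
    failures, pending = [], None
    for line in lines:
        line = line.strip()
        m = CERT_RE.match(line)
        if m:
            pending = int(m.group(2))  # verify code for the next handshake error
            continue
        m = NEG_RE.match(line)
        if m:
            failures.append({
                "time": m.group(1),
                "fd": int(m.group(2)),
                "openssl_error": m.group(3),
                "reason": m.group(4),
                "verify_code": pending,
                "meaning": X509_VERIFY_ERRORS.get(pending, "unknown"),
            })
            pending = None
    return failures

def summarize(failures):
    """Count failed handshakes per (verify code, meaning)."""
    return Counter((f["verify_code"], f["meaning"]) for f in failures)
```

Calling `summarize(parse_failures(SAMPLE_LOG.splitlines()))` on the excerpt reports three failed handshakes, all with verify code 20.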