Hi Marcus, that did the trick, now it works as expected. Thank you very much Maritn Marcus Kool wrote: > Hi Martin, > > Squid is a little awkward: > the URL returned by squidguard must have the protocol as the original URL. > So for a URL with HTTPS protocol, squidguard must return a URL that uses > the HTTPS protocol. > This is really not nice but the workaround is to use a 302 redirection: > redirect 302:http://www.internal-server.com/blocked.html > > -Marcus > > > martin perner wrote: >> Hi, >> >> I'm running a squid 2.7.STABLE3 on a SLES10 as a normal proxy. >> >> For content-filtering we are using squidguard which redirects a user to >> a special page if he hits a blocked page. >> >> If the redirect goes to a http page everthing works as expeced. >> >> But if the redirect goes to a https page, the user gets a errorpage >> saying that the connection failed and the system returned '(71) Protocol >> error'. In the cache.log a error is printed (attached). >> >> A deny_info to the https page works without any problem. >> >> When i'm adding 'sslproxy_flags DONT_VERIFY_PEER' to the squid.conf the >> error disappears. >> >> The question is now: is the sslproxy_flags method opening any holes in >> the setup or is there an other way for solving this problem? >> >> Thanks in advance >> >> >> >> part of the cache.log (cut the detail about the certificate): >> >> 2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert) >> 2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection >> on FD 48: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) >> 2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert) >> 2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection >> on FD 48: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) >> 2008/09/03 17:50:05| SSL unknown certificate error 20 in (cert) >> 2008/09/03 17:50:05| fwdNegotiateSSL: Error negotiating SSL connection >> on FD 48: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) >> >>
