I'm missing something here...

I had another squid/dansguardian proxy that was set up to pass through HTTPS traffic and I was using a URL blacklist to prevent "bad site" access. Unfortunately, that proxy was lost and I'm building anew.

I have my browser set to port 3128 (squid) and when I try to attach to an SSL site there is a very long delay then I see three of the following messages:

02/Apr/2010,12:34:32, 21000,192.168.80.9,TCP_MISS/200,0,CONNECT,www.tcfbank.com:443,-,DIRECT/206.71.19.108,-

So it looks like it's trying to go there. I already know I cannot do content filtering through HTTPS, but all I want is for the traffic to be passed through like I had it before. I'll block the places I don't want using a blacklist.

Here's my config:

Shorewall rules:
=================
ACCEPT $FW net tcp www
REDIRECT loc 8080 tcp www -
ACCEPT loc fw tcp www
ACCEPT loc fw tcp 53
ACCEPT loc fw tcp 22
ACCEPT loc fw tcp 443

Squid:
=========
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl to_localbox dst 192.168.80.5/32
acl mylocalserver dst 64.8.132.1/32
follow_x_forwarded_for allow localhost
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
external_acl_type session ttl=300 children=1 negative_ttl=0 concurrency=200 %SRC /usr/lib/squid/squid_session -t 1800
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow mylocalserver
http_access allow to_localbox
deny_info http://192.168.80.5/index.php?url=%s session
http_access allow session
http_access allow SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !session
http_access deny !Safe_ports
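
Squid checks http_access lines top to bottom, and the first line whose ACLs all match decides the request. The following is an added example, not part of the original post: it models the posted rules in Python to show which line decides a given request. The request dictionaries and the treatment of the `session` ACL (no `acl session ...` line appears in the post) as a boolean `has_session` are assumptions.

```python
# Added example: first-match evaluation of the http_access rules from the post.
import ipaddress

# ACL definitions copied from the posted squid.conf (only those used by http_access).
ACLS = {
    "mylocalserver": ("dst", "64.8.132.1/32"),
    "to_localbox": ("dst", "192.168.80.5/32"),
    "SSL_ports": ("port", [(443, 443)]),
    "Safe_ports": ("port", [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                            (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]),
    "CONNECT": ("method", "CONNECT"),
    # Assumption: the post shows no "acl session ..." line, so the external
    # session check is modelled as the request's has_session flag.
    "session": ("session", None),
}

# http_access lines in the order posted.
RULES = [
    ("allow", ["mylocalserver"]),
    ("allow", ["to_localbox"]),
    ("allow", ["session"]),
    ("allow", ["SSL_ports"]),
    ("allow", ["CONNECT", "SSL_ports"]),
    ("deny", ["!session"]),
    ("deny", ["!Safe_ports"]),
]

def acl_matches(name, req):
    kind, arg = ACLS[name]
    if kind == "dst":
        return ipaddress.ip_address(req["dst"]) in ipaddress.ip_network(arg)
    if kind == "port":
        return any(lo <= req["port"] <= hi for lo, hi in arg)
    if kind == "method":
        return req["method"] == arg
    return req["has_session"]

def decide(req):
    """Return (action, 1-based rule number) of the first rule whose ACLs all match."""
    for n, (action, names) in enumerate(RULES, 1):
        # A leading "!" negates the ACL; every ACL on the line must hold.
        if all(acl_matches(x.lstrip("!"), req) != x.startswith("!") for x in names):
            return action, n
    # No rule matched: Squid applies the opposite of the last rule's action.
    last = RULES[-1][0]
    return ("allow" if last == "deny" else "deny"), 0
```

With this ordering, line 4 (`allow SSL_ports`) decides every sessionless request to port 443 before line 5 is consulted, and `deny !Safe_ports` is never reached because either `allow session` or `deny !session` always matches first.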