This is a Internet Explorer setting under "Internet Options -> Advanced -> Browsing" called "Show Friendly HTTP Error messages", disable this to get the real error messages. ALSO, if you are trying to simply block facebook, create a dstdomain ACL instead, and don't forget to include fbcdn.net. --------------------------------------------- Chad E. Naugle Tech Support II, x. 7981 Travel Impressions, Ltd. >>> "Vonlanthen, Elmar" <Elmar.Vonlanthen@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> 11/15/2010 10:23 AM >>> Hello all I have the following setup: - Windows client with Internet Explorer and configured squid proxy for HTTP *and* HTTPS. - Squid 3.1.8 as proxy - Squid access rule: acl facebook url_regex facebook.com http_access deny facebook If the client is trying to connect to https://www.facebook.com, the IE cannot display the squid "access denied" page (IE displays the default message "Cannot display the website"). It makes sense, because squid cannot send the error page back via HTTP, if the client is sending a CONNECT request. But is there any possiblility to do this anyway? I did some tests with ssl_bump, deny_info, url_rewrite but wasn't successful. I wonder if I am the only person with this problem. Any ideas? Thanks for any help. Best regards Elmar Travel Impressions made the following annotations ------------------------------------------------------------- "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
