On 19.03.2012 19:09, Matus UHLAR - fantomas wrote: > > it's impossible for the proxy to pass error page to the browser, when > the user bypasses the proxy and connects to the website directly. > > You must deny direct access to HTTPS (port 443) sites by a firewall and > force browsers to use the proxy, if you want to control access on the > proxy. > > However, as long as HTTPS is encrypted, the only way you can allow/deny > users using some sites, is having list of sites (IP addresses) that will > be allowed (and deny access to others) or denied (and allow access to > others). Hi, Yes I understand that. However as the direct traffic to port 443 happens on the client computer and not on the server I don't have access to every client computer to block access to port 443 by a firewall and I don't think that is necessary. The user may or may not use the proxy, it's up to the user. However if he has configured the browser to use a proxy and the browser does not use the proxy (although user refused to authenticate) that's the problem. As I however said I first thought it was a browser problem, but it appears not to be as I can reproduce it on different browsers. May be it is not only a squid problem, it may be both a browser and a squid problem, I don't know. Regards, Milen
