On 20/03/2013 12:36 a.m., Jannis Kafkoulas wrote:
> Hi, I'm using squid 2.7 on RHEL 5.6 and I have the following issue: I want to restrict a client to accessing a specific https site and herein only a specific root path (and sub directories). So I tried this:
>
> acl restr_client src 10.1.1.100/32
> acl restr_dom dstdomain www.example.com
> acl xyz urlpath_regex -i ^/xyz/
> http_access deny restr_client !restr_dom
> http_access deny restr_client !xyz
> . . .
>
> The problem is that (as I can see in the access.log) it's being allowed to connect directly only if I use http but as soon as I'm using https the request is being blocked and I can't see anything in the access.log. Even if I use url_regex -i ^https://www.example.com instead of dstdomain it doesn't work. Any hints?

HTTP passes through Squid in the form of a CONNECT tunnel setup request, followed by encrypted bytes. Other than the hostname and port the client is contacting nothing is visible to Squid.
Amos
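
The behaviour described in the reply, as an added Python sketch (not part of the original thread and not Squid's own code): it derives the host and path a forward proxy can read from the request line and applies the two deny rules from the question in first-match order. It assumes the URL path is treated as empty on a CONNECT request; the sample request lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Simplified model of the two http_access rules quoted in the question.
# Assumption: first-match evaluation, URL path treated as empty on CONNECT.
CLIENT = "10.1.1.100"                        # acl restr_client src 10.1.1.100/32
DOMAIN = "www.example.com"                   # acl restr_dom dstdomain www.example.com
XYZ = re.compile(r"^/xyz/", re.IGNORECASE)   # acl xyz urlpath_regex -i ^/xyz/


def visible_fields(request_line):
    """Return (host, path) as the proxy can read them from the request line."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # The target is host:port only; the real URL travels inside the tunnel.
        host, _, _port = target.rpartition(":")
        return host, ""
    parts = urlsplit(target)
    return parts.hostname, parts.path


def evaluate(src, request_line):
    """Apply the two deny rules in order and report which one fires, if any."""
    host, path = visible_fields(request_line)
    restr_client = src == CLIENT
    restr_dom = host == DOMAIN
    xyz = bool(XYZ.search(path))
    if restr_client and not restr_dom:
        return "DENIED by 'deny restr_client !restr_dom'"
    if restr_client and not xyz:
        return "DENIED by 'deny restr_client !xyz'"
    return "falls through to later rules"


SAMPLES = [  # constructed request lines
    "GET http://www.example.com/xyz/index.html HTTP/1.1",
    "GET http://www.example.com/other/ HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT other.example.net:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line:52} -> {evaluate(CLIENT, line)}")
```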