-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/11/2014 9:45 p.m., navari.lorenzo wrote: > hello boys, excuse my bad english > > there is something i don't understand. If i write an URL into a > browser which use Squid (for example www.xxx.com) (denied whith an > acl) > > I expect that Squid answer saying: you cannot access this url > because it is a denied url. This should happen without squid goes > to look for that url. > > What's wrong ? Your thinking is wrong. 1) When you enter an HTTP URI the browser passes *the URL* to Squid and asks for it. -> Squid replies 403 Forbidden (to access URL) 2) when you enter an HTTPS URL the browser tries to open a CONNECT tunnel through the proxy. -> Squid replies 403 Forbidden (to setup tunnel). *** HTTPS URL is never seen by Squid (unseen URL cannot be forbidden) -> Browser leaves your https:// URL in the address bar. ** Browser people think its false to display the 403 Forbidden (about CONNET) as the page, because the URL in address bar was not forbidden. Which is understandable though annoying - only the CONNECT tunnel is known to be forbidden. So what does the browser display for HTTPS URLs? "Cannot CONNECT to server" or something like that. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUWz4jAAoJELJo5wb/XPRj0fQH/0K3+WFy9ld2g7div1ygGjbA Y8xHFSTEXlw1QcuFHGDudKaAKVsGrnbLk0MTKSVcG0zooWpvqHKM3gvtkRt2da9K vPMNGgI1cZ97NZqoJOOYlI8aXSpVUT6Bx/1+cPRLdmIpbD8OZSIhZ3UfPBtL3VIN gFtgkMAGj5quQmjHIFOJbXZgkc+zZY9rbt0oBhji8CtK6B9DfK2yRZe25gneDnz4 rt9TzUoaFnExvdsJUKWRGTqn0fEc9N5JDaK1kx/UBgjNPpszbVUVZQFVPipe/Mrn Gz4bff49EeQ2ZsAoCrSr7dalB1dcH2fPs2ROGYNtPG7HxxYf8AN+t85jTP9NUsA= =fNhm -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
