Hi there Doing "peek+splice - but no actual bump" in formal proxy mode works well when you want to use squid to block https sites via acls: it can return an error page to the client's CONNECT request and the browser can show that error to the user. However, in "peek+splice" transparent mode, squid has no real mechanism to return a nice error page - totally understandable - to do so would require bump so that an HTTPS page could be returned. What I'm seeing (in transparent mode) is clients attempting to connect to a blocked https website hanging forever - and even after they time out, I don't see anything in the squid access.log. I have "deny_info" set to return error pages via my old squidguard CGI - but they will only work in the CONNECT case of course. Is there any way I could do (say) TCP_RESET on the transparent case and keep doing nice error messages on the CONNECT case? I doubt there could be anything better without going full bump This is CentOS6 with iptables for transparent 443 and squid-3.5.10 -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
