I do not know the correct terms to the problem I have. I have some clients that use a program that tries to connect to: https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc Went to the access.log and found the neodecksoftware.com is being denied even that I have it in a whitelist file. The below info is the error lines fund, the whitelist file content, and the squid conf: ---------------------------------------------------------------------------------------------- 1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT neodecksoftware.com:443 - HIER_NONE/- text/html 1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT neodecksoftware.com:443 - HIER_NONE/- text/html /var/squid/acl/whitelist.acl: .familymedicinepr.com .anydesk.com .teamviewer.com .secureserver.net .gmail.com .mail.yahoo.com .outlook.com .aol.com .libertypr.net .coqui.net .prtc.net .assertus.com .neodecksoftware.com .office.net .microsoft.com .office.com .live.com # This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.1.1:3128 http_port 127.0.0.1:3128 icp_port 0 dns_v4_first off pid_filename /var/run/squid/squid.pid cache_effective_user squid cache_effective_group proxy error_default_language en icon_directory /usr/local/etc/squid/icons visible_hostname pfsense cache_mgr jetsystemservices@xxxxxxxxx access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none netdb_filename /var/squid/logs/netdb.state pinger_enable on pinger_program /usr/local/libexec/squid/pinger logfile_rotate 31 debug_options rotate=31 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.1.0/24 127.0.0.0/8 forwarded_for on uri_whitespace strip acl dynamic urlpath_regex cgi-bin \? cache deny dynamic cache_mem 512 MB maximum_object_size_in_memory 256 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA minimum_object_size 0 KB maximum_object_size 4 MB offline_mode off cache_swap_low 90 cache_swap_high 95 cache allow all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 #Remote proxies # Setup some default acls # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. # acl localhost src 127.0.0.1/32 acl allsrc src all acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535 444 acl sslports port 443 563 444 # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. #acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections # From 3.2 further configuration cleanups have been done to make things easier and safer. # The manager, localhost, and to_localhost ACL definitions are now built-in. # http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Custom options before auth connect_timeout 2 # Always allow access to whitelist domains http_access allow whitelist auth_param basic program /usr/local/libexec/squid/basic_radius_auth -w Maint4030 -h pfsense -p auth_param basic children 5 auth_param basic realm Please enter your credentials to access the proxy auth_param basic credentialsttl 5 minutes acl password proxy_auth REQUIRED # Custom options after auth http_access allow password localnet # Default block all to be sure http_access deny allsrc ---------------------------------------------------------------------------------------------- Cordially, Jose _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users