On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <jetsystemservices@xxxxxxxxx> wrote:
I do not know the correct terms to the problem I have.
I have some clients that use a program that tries to connect to:
https://neodecksoftware.com/NeoMedOnline/ NeoMedOnlineService.svc
note that there is nothing between "//" and "neodecksoftware.com"...
[snip]
------------------------------------------------------------ ------------------------------ ----
1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT
neodecksoftware.com:443 - HIER_NONE/- text/html
1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT
neodecksoftware.com:443 - HIER_NONE/- text/html
note that the ACL applies on that connect string. Specifically "neodecksoftware.com"
/var/squid/acl/whitelist.acl:
[snip]
.assertus.com
.neodecksoftware.com
your whitelist for this domain says that it has "something" followed by that domain name...
.office.net
[snip]
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128
[snip]
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
and your ACL refers to a regular _expression_...
http_access allow manager localhost
[snip]
# Always allow access to whitelist domains
http_access allow whitelist
and you allow that whitelist...
in the end, your regular _expression_ doesn't match.
"." means "any single character". you should replace that line with something like this:
^neodecksoftware\.com
(this is untested).
Note that all your entries need adjusting as well (they may be working, but not matching the way you think they do).
HTH,
Jok
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
