Re: HTTPS site filtering


On 20/01/2017 9:32 a.m., roadrage27 wrote:
> I was able to solve my previous issue of no connections and now have a
> working squid along with http site filtering and regex working nicely.
> 
> My current issue is the need to allow only certain sites which do include
> some HTTPS sites.  If I leave the line
> 
> http_access deny CONNECT !SSL_ports
> 
> within my conf file, no HTTPS traffic works,

That tells me you have screwed up either the CONNECT ACL definition or
the SSL_ports one.

I suspect that whatever you have done is making HTTPS no longer use port
443. That needs to be fixed.


> commenting it out and putting
> in
> 
> http_access allow CONNECT SSL_ports 
> 
> allows SSL but it allows all sites that are available to work with SSL to be
> accessed.  
>

Quite. The security protection intended by that rule is to deny the
identifiably bad things and let your custom rules that follow decide
what is allowed.


> Is there a way to limit this access with an ACL and if so what is the
> syntax?

The required syntax is the default:

 acl SSL_Ports port 443
 acl CONNECT method CONNECT
 http_access deny CONNECT !SSL_Ports

Since you say that is not working, the problem is elsewhere and ACL
definition will not solve the breakage.

If you still need help, we will need to see what your squid.conf
contains currently. And if you are intercepting, the rules used for
doing that.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
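
An added example, not part of the original post and not Squid code: a simplified Python model of http_access evaluation, comparing the "allow CONNECT SSL_ports" workaround from the question with the default deny rule followed by a site allowlist. The allowed_sites ACL, the example.org / example.net hosts and the sample requests are constructed, and treating a request that matches no line as denied is an assumption of the model.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumptions: first matching line wins, ACLs on one line are ANDed, "!" negates,
# "all" always matches, and a request matching no line is denied.

LOOSE = """
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
http_access deny all
"""

# allowed_sites is a hypothetical allowlist ACL; .example.org is a placeholder.
STRICT = """
acl SSL_ports port 443
acl CONNECT method CONNECT
acl allowed_sites dstdomain .example.org
http_access deny CONNECT !SSL_ports
http_access allow allowed_sites
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        tok = line.split()
        if tok and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, req):
    if name == "all":
        return True
    kind, vals = acls[name]
    if kind == "port":
        return str(req["port"]) in vals
    if kind == "method":
        return req["method"] in vals
    # dstdomain: a leading dot matches the domain itself and its subdomains
    h = req["host"]
    return any(h == v.lstrip(".") or (v.startswith(".") and h.endswith(v)) for v in vals)

def decide(conf, req):
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_match(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "deny"
```

With LOOSE, any CONNECT to port 443 is allowed before a site check can run; with STRICT, the deny rule only removes CONNECT to non-SSL ports and the allowlist line decides the rest.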