I was able to resolve my issue partially. I burned down the server and rebuilt it clean so all previous changes that were made attempting to make SSL work were gone. Once i reloaded squid and the config files i was able to allow SSL traffic using the dstdomain acl type. I currently have a few URLS that are regex type that need to be allowed so im currently cranking out those. On Fri, Jan 20, 2017 at 8:36 AM roadrage27 [via Squid Web Proxy Cache] < ml-node+s1019090n4681219h44@xxxxxxxxxxxxx> wrote: > >That tells me either you have screwed up the CONNECT ACL definition. Or > >the SSL_ports one. > Very possible as im pretty green on squid, my current conf file is below. > with that conf the SSL sites just sit and spin until the eventually time > out. > > acl site_squid_art url_regex ^http://www.squid-cache.org/Artwork > acl keepgoing dstdomain .plateau.com .skillwsa.com .successfactors.com > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > http_access allow keepgoing > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > #http_access allow CONNECT SSL_ports > http_access allow localhost manager > http_access allow site_squid_art > http_access allow localhost > > > http_port 3132 > > > access_log /var/log/squid3/squid3132.log squid > > pid_filename /var/run/squid3132.pid > coredump_dir /var/spool/squid3 > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 > #refresh_pattern . 0 20% 4320 > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681219.html > To unsubscribe from HTTPS site filtering, click here > <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4681198&code=YWxleC50YXRlQGdtYWlsLmNvbXw0NjgxMTk4fDIwMjU4MDQxMw==> > . > NAML > <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681224.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
