On 17/05/17 23:32, chcs wrote:
Firefox 53.0.2, Chrome 58.3029 and Opera 44 display a "Proxy Server Refused
Connection" page, instead of the Squid custom error page, when connecting to an HTTPS
site which is blocked by the proxy server.
For example, we try to connect to https://www.something.com via the Squid proxy
server, which denies this connection with a 403 error and sends a custom error page
with a description of the problem. In older versions it worked.
I'm using pfSense 2.4 (actual version squid 3.5.24).
Reproducible: Always
Steps to Reproduce:
1. Configure Firefox to use proxy server (SSL Proxy).
2. HTTPS/SSL Interception, Enable SSL filtering, splice all, CA: Let's
Encrypt authority
3. Try to connect to HTTPS site, which will be blocked by proxy server
Actual Results:
Firefox will display "Page Load Error" with description "Proxy Server
Refused Connection. Firefox is configured to use a proxy server that is
refusing connections."
If we connect to an HTTPS site which is not blocked by the proxy server OR use a
self-signed CA issuer, all works fine.
Expected Results:
Display proxy server error page with deny info.
This is a well-known problem with browsers; they all refuse to display
any response to a CONNECT tunnel message.
<http://wiki.squid-cache.org/Features/CustomErrors#Custom_error_pages_not_displayed_for_HTTPS>
Use of TLS to secure the connection to the proxy does not affect this
browser behaviour on HTTPS traffic. The best you can hope for is to make
Squid use a 511 status code with deny_info and hope that it chooses to
display something halfway useful.
Amos
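
A check an administrator can run to confirm that the proxy really does return its deny page in the CONNECT response, so that the missing page is the browser behaviour described in the reply above and not a Squid fault. This is an added example, not code from the thread or from Squid; `fake_blocking_proxy`, `probe_connect` and `DENY_PAGE` are hypothetical names, the local listener is a constructed stand-in for a blocking proxy, and the probe assumes the proxy port accepts plain-text CONNECT.

```python
import socket
import threading

# Constructed stand-in for a proxy deny page; not Squid's real error template.
DENY_PAGE = b"<html><body><h1>Blocked by proxy policy</h1></body></html>"

def fake_blocking_proxy(status=b"403 Forbidden"):
    """One-shot local listener that refuses CONNECT with a page; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            buf = b""
            while b"\r\n\r\n" not in buf and (chunk := conn.recv(4096)):
                buf += chunk
            conn.sendall(b"HTTP/1.1 " + status + b"\r\nContent-Type: text/html\r\n"
                         b"Content-Length: %d\r\nConnection: close\r\n\r\n"
                         % len(DENY_PAGE) + DENY_PAGE)

    threading.Thread(target=serve, daemon=True).start()
    return port

def probe_connect(proxy_host, proxy_port, target="www.something.com:443", timeout=5.0):
    """Send a bare CONNECT and return (status_code, headers, body) of the proxy's reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii"))
        raw = b""
        while b"\r\n\r\n" not in raw and (chunk := s.recv(4096)):
            raw += chunk
        if not raw:
            raise ConnectionError("proxy closed the connection without replying")
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        code = int(lines[0].split()[1])
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (ln.partition(":") for ln in lines[1:])}
        # A 2xx reply means the tunnel is open, so no proxy page follows.
        want = 0 if 200 <= code < 300 else int(headers.get("content-length", 0))
        while len(body) < want and (chunk := s.recv(4096)):
            body += chunk
    return code, headers, body

if __name__ == "__main__":
    code, headers, body = probe_connect("127.0.0.1", fake_blocking_proxy())
    print(code, headers.get("content-type"), len(body), "bytes of deny page")
```

Against a real deployment, call `probe_connect` with the proxy's address and a blocked `host:443`; a non-2xx status with a non-empty body shows the deny page is on the wire and is being discarded by the browser.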