>> This is my current squid.conf. I know I am overlooking something, but I cannot figure out what I am doing wrong.
>
> The comments on this config tell a story of some misunderstandings ...

Thank you for all the valuable feedback.

I originally set this up years ago. I have updated the different options. However, I am still faced with the same problem.

If I add an HTTP domain to the whitelist, then the whitelist works for the HTTP domains ONLY, but the domains in the list which are HTTPS-based are still blocked.

I have also changed the "localnet" in order to avoid any "clashes" between the boxes, but that doesn't change anything.

This is my updated configuration:

Sitting on one of the "windows_boxes" and going to https://www.ubuntu.com/ gives: "Access Denied" from Squid.

<SNIP>
max_filedesc 4096

acl step1 at_step SslBump1

#acl localnet src 192.168.1.0/24
acl localnet src 192.168.1.2-192.168.1.200

# These boxes may ONLY access the whitelist.
acl windows_boxes src 192.168.1.201 192.168.1.202

acl whitelist ssl::server_name .mojang.com .minecraft.net d2pi0bc9ewx28h.cloudfront.net mcupdate.tumblr.com minecraft-textures-1196058387.us-east-1.elb.amazonaws.com .steampowered.com .steamcommunity.com .steamgames.com .steamusercontent.com .steamcontent.com .steamstatic.com .akamaihd.net .launchpad.net .ubuntu.com

# We don't want these to be cached.
store_miss deny whitelist

# Don't let SquidGuard do anything with the whitelisted domains.
url_rewrite_access deny whitelist

# We only redirect HTTP and HTTPS.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# THIS ISN'T WORKING!!!
# https://www.ubuntu.com is blocked with "Access Denied" from Squid.
http_access allow windows_boxes whitelist
http_access allow localhost
http_access allow localnet
http_access deny all

# We'll intercept traffic using PF from clan.
http_port 127.0.0.1:3129 intercept
https_port 127.0.0.1:3130 intercept ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslproxy_cafile /usr/local/openssl/cabundle.file

# Become a TCP tunnel without decrypting proxied traffic for the whitelist.
ssl_bump splice whitelist
ssl_bump peek step1
ssl_bump bump all

# We want the query strings as well.
strip_query_terms off

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

redirect_program /usr/local/bin/squidGuard -c /etc/squidguard/squidguard.conf
</SNIP>

Thanks for all the help!

Kind regards.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
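
Added example, not part of the original post and not Squid code: a simplified Python model of first-match `http_access` evaluation over the rules posted above, tracing the HTTP and the intercepted HTTPS request described. It assumes, following Squid's documentation of `ssl::server_name`, that at SslBump step 1 of an intercepted connection the only name available is the destination IP of the fake CONNECT; the shortened whitelist and the address 203.0.113.10 are constructed.

```python
import ipaddress

# ACL values from the posted squid.conf (whitelist shortened for the example).
WHITELIST = [".mojang.com", ".steampowered.com", ".launchpad.net", ".ubuntu.com"]
WINDOWS_BOXES = {"192.168.1.201", "192.168.1.202"}
LOCALNET = (ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.200"))

def domain_match(name, patterns):
    """'.example.com' matches the domain itself and any subdomain."""
    name = name.lower().rstrip(".")
    for p in patterns:
        if p.startswith("."):
            if name == p[1:] or name.endswith(p):
                return True
        elif name == p:
            return True
    return False

# http_access lines in the posted order (cachemgr "manager" rules left out).
RULES = [
    ("deny", "!Safe_ports"),
    ("deny", "CONNECT !SSL_ports"),
    ("allow", "windows_boxes whitelist"),
    ("allow", "localhost"),
    ("allow", "localnet"),
    ("deny", "all"),
]

def http_access(src, method, port, name):
    """Return (action, rule) of the first line whose ACLs all match.
    'name' is what the whitelist ACL can see when http_access runs (assumption)."""
    acl = {
        "Safe_ports": port in (80, 443),
        "SSL_ports": port == 443,
        "CONNECT": method == "CONNECT",
        "windows_boxes": src in WINDOWS_BOXES,
        "whitelist": domain_match(name, WHITELIST),
        "localhost": src == "127.0.0.1",
        "localnet": LOCALNET[0] <= ipaddress.ip_address(src) <= LOCALNET[1],
        "all": True,
    }
    for action, line in RULES:
        if all(acl[t.lstrip("!")] != t.startswith("!") for t in line.split()):
            return action, line

if __name__ == "__main__":
    # Constructed requests from a windows_box: plain HTTP, then intercepted HTTPS.
    print(http_access("192.168.1.201", "GET", 80, "www.ubuntu.com"))
    print(http_access("192.168.1.201", "CONNECT", 443, "203.0.113.10"))
```

Under that assumption the intercepted HTTPS request falls through to `deny all`, because the windows_boxes are outside the localnet range and the whitelist is compared against an IP address rather than a host name.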