> On 05/13/2018 06:15 PM, Martin Hanson wrote: > >> # THIS ISN'T WORKING!!! >> # https://www.ubuntu.com is blocked with "Access Denied" from Squid. >> http_access allow windows_boxes whitelist > > I suspect the request is blocked during SslBump step1 because there is > not enough information in the fake CONNECT request for ssl::server_name > to match ubuntu.com. Please keep in mind that ssl::server_name does not > do (reverse) DNS lookups, and the fake CONNECT request during step1 only > has an IP address, not a domain name. > > One way to test this theory is to (temporary) http_access allow CONNECT > requests to (ubuntu) IP addresses. Does that get you to SslBump step2, > where the fake CONNECT usually gets a domain name? Hi Alex, That makes sense and it seems you're right. I tried adding (the IP's the box currently sees as ubuntu.com, checked the log that it didn't change): acl ubuntu dst 91.189.89.103 91.189.89.110 http_access allow CONNECT ubuntu Then it works! How do I fix it then? Kind regards. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users