Search squid archive

Re: Whitelist ONLY exception isn't working correctly

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 05/13/2018 06:15 PM, Martin Hanson wrote:
> 
>> # THIS ISN'T WORKING!!!
>> # https://www.ubuntu.com is blocked with "Access Denied" from Squid.
>> http_access allow windows_boxes whitelist
> 
> I suspect the request is blocked during SslBump step1 because there is
> not enough information in the fake CONNECT request for ssl::server_name
> to match ubuntu.com. Please keep in mind that ssl::server_name does not
> do (reverse) DNS lookups, and the fake CONNECT request during step1 only
> has an IP address, not a domain name.
> 
> One way to test this theory is to (temporary) http_access allow CONNECT
> requests to (ubuntu) IP addresses. Does that get you to SslBump step2,
> where the fake CONNECT usually gets a domain name?

Hi Alex,

That makes sense and it seems you're right.

I tried adding (the IP's the box currently sees as ubuntu.com, checked the log that it didn't change):

acl ubuntu dst 91.189.89.103 91.189.89.110
http_access allow CONNECT ubuntu

Then it works!

How do I fix it then?

Kind regards.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux