On 27/06/19 1:29 am, Anderson Rosario wrote:
> I can not access to HTTPS sites, 3 weeks ago was working fine, without
> doing any change in the topology update or config stopped and it is not
> working with HTTPS sites. it keeps loading and I receive a message from
> browsers The connection to the server was reset while the page was
> loading.
>

Your Squid is not doing anything with HTTPS at all. It lets CONNECT
tunnels through - provided the server name meets your required ACLs.

It may be related to Browser changes in how they handle non-200
responses to CONNECT since your access controls all require a login to
take place.

> *here my squid config:*
>
> #
> visible_hostname proxy.local.local

Really .local.local ?

...
> http_port 3128
>
> ######### AD AUTH ###########
> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> "dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w "123456"
> -f sAMAccountName=%s -h 192.168.0.213
>
> auth_param basic children 5
> auth_param basic realm Inserte su usuario de Windows para navegar
> auth_param basic credentialsttl 1 hour
>
> external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R
> -b "dc=local,dc=LOCAL" -D "cn=squid,ou=proxy,dc=local,dc=LOCAL" -w
> "123456" -f "(&(objectclass=person)
> (sAMAccountName=%v)(memberof=cn=%a,ou=proxy,dc=local,dc=LOCAL))" -h
> 192.168.0.213
> ##############################
>
> ###### ACLs that define the groups ######
> acl nivel0 external ldap_group nivel0
> acl nivel1 external ldap_group nivel1
> acl nivel2 external ldap_group nivel2
> acl nivel3 external ldap_group nivel3
> acl nivel4 external ldap_group nivel4
> acl nivel5 external ldap_group nivel5
> acl nivel6 external ldap_group nivel6
>
> #########################################
>
...
> #########################
>
> ###### Access rules ######
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> #
> http_access allow nivel6
> http_access allow nivel5
> http_access allow nivel4
> http_access allow nivel3 !rule3 !desc3 !rule7 !desc7
> http_access allow nivel2 !rule2 !desc2 !rule7 !desc7
> http_access deny nivel1 !rule1
> http_access allow nivel1 !desc1 !rule7 !desc7
> http_access deny nivel0
> http_access deny all
> ##############################
>
>

Due to the "deny all" being above the http_access lines below do anything.

What this means is that external parties *are* allowed to access the
proxy management reports and potentially private info about other clients.

... not only is the below recommended *minimum* config. It is supposed
to be listed early like the Safe_ports and SSL_ports rules in order to
protect your network from attacks.

> # Recommended minimum Access Permission configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
>

HTH
Amos
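
The rule-ordering point in the reply above, as an added example that is not part of the original message and is not Squid's own code: a small Python check that reads the http_access lines of a squid.conf in order and reports rules placed after a catch-all "all" rule, plus allow rules evaluated before "deny manager". It assumes http_access is evaluated first-match and that the ACL names manager, localhost and all are used as in the quoted config; the sample input is constructed from the quoted rules.

```python
# Added example: lint the order of http_access rules in a squid.conf.
# SAMPLE_CONF is constructed from (and abridges) the rules quoted in the thread.
SAMPLE_CONF = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow nivel6
http_access allow nivel3 !rule3 !desc3 !rule7 !desc7
http_access deny nivel0
http_access deny all
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
"""


def http_access_rules(conf_text):
    """Return (line_no, action, [acl tokens]) for every http_access line."""
    rules = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) >= 3 and tokens[0] == "http_access" and tokens[1] in ("allow", "deny"):
            rules.append((no, tokens[1], tokens[2:]))
    return rules


def lint(conf_text):
    """Return [(line_no, message)] for ordering problems; empty if none."""
    findings = []
    catch_all = None        # line of the first rule that matches every request
    manager_denied = False  # True once 'http_access deny manager' has been seen
    for no, action, acls in http_access_rules(conf_text):
        if catch_all is not None:
            findings.append((no, f"unreachable: line {catch_all} matches every request first"))
        elif acls == ["all"]:
            catch_all = no
        elif action == "deny" and acls == ["manager"]:
            manager_denied = True
        elif (action == "allow" and not manager_denied
              and "manager" not in acls and "!manager" not in acls):
            findings.append((no, "allow rule precedes 'deny manager' and can admit manager requests"))
    return findings


if __name__ == "__main__":
    for line_no, message in lint(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

Moving the two manager lines up beside the Safe_ports and SSL_ports rules, as the reply recommends, makes the check return no findings.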