On 8/12/19 3:16 PM, Garbacik, Joe wrote: > I am trying to permit access to something like the following, > https://www.example.com/world, without providing access to the whole site. > 2019/08/12 10:40:29.081 kid1| 33,4| client_side.cc(1471) quitAfterError: Will close after error:... > HTTP/1.1 403 Forbidden > http_access allow SrcSubnet DSTDOMAIN_ALLOW URLPATH_ALLOW You are probably (implicitly) denying the CONNECT request sent by client to Squid. Squid needs to process that CONNECT request (that does not have URL paths) before Squid can bump the TLS tunnel (and see in-tunnel requests with URLs that have paths). If you deny CONNECT, Squid will bump the client connection and respond with a (delayed) "access denied" error to the first in-tunnel request, regardless of what that first in-tunnel request is. Rule of thumb: Make everything work, including SslBump, _before_ applying custom filtering rules. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
