On 6/22/21 4:28 PM, Arctic5824 wrote: >> To disable HTTPS access through the proxy, simply deny all CONNECT >> requests using http_access rules. > Hey! thanks for the info, I just tried that but it seems https is still being allowed, and I can see it in the logs as well > "TCP_TUNNEL/200 717 CONNECT s.youtube.com:443 -" > my config is https://pastebin.com/8txzkEnG > and a version of the config without comments: https://pastebin.com/zuJYQpXW > acl CONNECT method CONNECT > http_access allow localhost > http_access deny CONNECT Squid bugs notwithstanding, either your Squid is not running with the configuration that you have shared with us OR that logged request comes from localhost. If you are not sure, I suggest shutting down Squid, making sure that nobody listens on port 3128 and then restarting Squid. Due to the first http_access rule, the test request must not come from the same machine Squid runs on. HTH, Alex. P.S. If you are worried about custom clients or scripts (not regular browsers) bypassing your controls, then you will also need to ban "GET https://..."; requests, but let's figure out the above basics first. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
