Re: Problems with HTTPS on Squid

On Monday 12 July 2021 at 20:12:03, Marcio B. wrote:

> I have the following problem on my Squid 4.6 on Debian 10.
> 
> Squid does not redirect the user to the error page when blocking an HTTPS
> url. On HTTP it works correctly.

Short answer - it can't.

Longer answer - browser requests https://thing.example.com

Squid won't allow connection to thing.example.com, and wants to send the 
browser to an error page instead.

The error page cannot possibly have the correct certificate for 
https://thing.example.com (because that's signed by some genuine CA), so the 
browser won't accept the error page as being valid.

Squid cannot even send an HTTP 302 redirect back to the browser, because that 
also is HTTPS content, and would need to have the correct certification for the 
browser to accept it and follow the redirect.

So, what you want is understandable, but not possible.

The only option I can think of is to add a CA certificate to all your browsers, 
and get Squid (somehow; sorry, I don't know how) to issue either a redirect or 
a substitute web page, claiming to be the original web server, and with a 
certificate signed by that CA that your browsers now trust.

I suspect that involves transparent interception, but someone might know how / 
whether it can be done.


Antony.

-- 
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
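
The arrangement the reply describes (a local CA trusted by the browsers, with Squid answering in the origin server's name) corresponds to Squid's SSL-Bump feature. The squid.conf fragment below is an added example, not part of the original message or of the Squid project's documentation. It assumes a Squid 4 build with OpenSSL support, and the file paths, ACL names and blocked domain are placeholders.

```conf
# Added example: file paths, ACL names and the blocked domain are assumptions.
# Requires a Squid build with OpenSSL support.

# Proxy port that is allowed to terminate TLS inside CONNECT tunnels.
# bump-ca.pem holds the local CA certificate and its private key. Only the
# CA certificate (never the key) is installed in the browsers' trust stores.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints per-host certificates signed by the local CA.
# The certificate database directory must be initialised before first use.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB

# The same domain expressed two ways: by TLS server name for the ssl_bump
# decision, and by destination domain for the access decision.
acl blocked_sni ssl::server_name .thing.example.com
acl blocked_host dstdomain .thing.example.com
acl step1 at_step SslBump1

# Step 1: read the TLS ClientHello to learn the requested server name.
ssl_bump peek step1
# Terminate TLS only for the blocked domain, so that Squid can present a
# certificate for that name signed by the local CA.
ssl_bump bump blocked_sni
# Everything else passes through without being decrypted.
ssl_bump splice all

# Place this before the general "http_access allow" rules. The denial is
# then delivered inside the bumped TLS session, so the browser sees a
# certificate it trusts and renders Squid's error page.
http_access deny blocked_host
```

Clients that do not trust the local CA, or that pin certificates for the blocked site, will still show a certificate warning instead of the error page.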