[squid-users] Problem with special HTTPS site (with squid.conf)

From: Dirk Datzert <Dirk.Datzert@dont-contact.us>
Date: Sat, 19 May 2001 19:45:09 +0200

> Hi All,
>
> I have recently tried to reach the following HTTPS sites thru squid:

>
> http://www.citibank.de -> go to link KONTO (switch to a HTTPS site)
> http://wwwca.telesec.de/Pub_Cert/ServPass/index.html
> -> go to link on left side 'Zertifikat beauftragen'
>
> Other HTTPS-Sites work fine:
>
> https://www.lufthansa.com/aerodyn/fb_main.aero?l=DE&pos=DE&p=fly
> http://service.sap.com (you will be redirected to a HTTPS site)
>
> My Squid version is Squid-2.3STABLE4 with ldap_auth and latest patches
> on SuSE 7.0 with kernel 2.2.16. (no transparent proxy)
>
> If I try with another PROXY-System (Netscape Proxy 3.5 on AIX) it works.
>
> Can anybody guess what my problem is? I've checked out routing problems
> and firewall problems.
>
> Thanx,

I attached the main squid.conf options

#Defaults:
# ACL definitions. The http_access rules further down are checked top to
# bottom and the first rule whose ACLs all match decides the request.
# "all" matches every client source address.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports a CONNECT tunnel may target (see "deny CONNECT !SSL_ports" below).
acl SSL_ports port 443 563
# Destination ports the proxy may contact at all; the 1025-65535 range leaves
# every unprivileged port reachable.
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 82 # schuricht servlet port
acl Safe_ports port 81 # its wgate port test
acl CONNECT method CONNECT

# RHG specific
# Protocol ACLs, matched against the scheme of the requested URL.
acl HTTPS proto HTTPS
acl HTTP proto HTTP
acl FTP proto FTP

# Authentication ACLs. The "ldap_auth" ACL type is not visible in stock
# Squid; presumably it comes from the ldap_auth patch named in the message,
# so the meaning of "REQUIRED" and "static <group>" should be confirmed
# against that patch's documentation.
acl password ldap_auth REQUIRED
acl authorized_user ldap_auth static superuser static www-user
acl superuser ldap_auth static superuser
acl www-user ldap_auth static www-user

# Destinations inside the site's own domain (leading dot = any subdomain).
acl mydomain dstdomain .rasselstein-hoesch.de

acl mime dstdomain mime.rasselstein-hoesch.de
acl http_mime port 1081

# File types blocked by URL-path suffix (case-insensitive, anchored at the
# end of the path). This matches on the URL text only, not on the content
# that is actually returned.
# NOTE(review): "\.ddl$" may be a typo for "\.dll$" - confirm with the author.
acl unknown_content urlpath_regex -i \.arc$
acl unknown_content urlpath_regex -i \.arj$
acl unknown_content urlpath_regex -i \.cab$
acl unknown_content urlpath_regex -i \.bin$
acl unknown_content urlpath_regex -i \.com$
acl unknown_content urlpath_regex -i \.ddl$
acl unknown_content urlpath_regex -i \.exe$
acl unknown_content urlpath_regex -i \.rar$
acl unknown_content urlpath_regex -i \.lha$
acl unknown_content urlpath_regex -i \.sys$
acl unknown_content urlpath_regex -i \.tar$
acl unknown_content urlpath_regex -i \.gz$
acl unknown_content urlpath_regex -i \.tgz$
acl unknown_content urlpath_regex -i \.zip$

# TAG: http_access
# Allowing or Denying access based on defined access lists

#Default configuration:
# Cache manager only from localhost; reject ports outside Safe_ports; reject
# CONNECT to any port other than 443/563.
# NOTE(review): an HTTPS link that points at a port not listed in SSL_ports
# would be refused by the CONNECT rule here - worth checking access.log for
# the failing sites before looking elsewhere.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Requests for the site's own domain are allowed from any source address and
# before the authentication check below, i.e. without a login.
# NOTE(review): confirm this is intended; if the proxy port is reachable from
# outside the internal network, pair this rule with a src ACL for the LAN.
http_access allow mydomain all
# Everything past this point requires a user in superuser or www-user.
http_access deny !authorized_user
# NOTE(review): the QUERY ACL is not defined in this excerpt (presumably the
# stock "urlpath_regex cgi-bin \?" definition - verify). Because this allow
# precedes the unknown_content deny, a www-user request matching QUERY is
# accepted before the file-type filter is evaluated.
http_access allow QUERY www-user
# The file-type filter applies to www-user only; superuser is not restricted.
http_access deny unknown_content www-user
# FTP is limited to superuser; HTTP is open to both groups.
http_access allow FTP superuser
http_access allow HTTP authorized_user
# NOTE(review): browsers reach HTTPS sites through a proxy with the CONNECT
# method, so verify whether "proto HTTPS" ever matches such a request in this
# Squid version; the CONNECT rule that follows is the one written for tunnels.
http_access allow HTTPS authorized_user
http_access allow CONNECT SSL_ports authorized_user

# Default deny for anything not matched above.
http_access deny all

# Requests matching these ACLs are always fetched directly from the origin
# server rather than through a cache peer (no peer definitions are shown in
# this excerpt).
always_direct allow CONNECT SSL_ports
always_direct allow HTTPS
always_direct allow mydomain
always_direct allow mime http_mime
Received on Sat May 19 2001 - 11:45:25 MDT
