LinuxQuestions.org
Old 03-11-2015, 02:18 AM   #1
vineetcornelius
LQ Newbie
 
Registered: May 2012
Posts: 24

SQUID NOT ALLOWING BROWSING FOR SECURED CONNECTION


SIR

I HAVE RECENTLY INSTALLED CENTOS7 AND CONFIGURED SQUID ON IT . I AM FACING A TYPICAL PROBLEM I AM ABLE TO BROWSE THE NORMAL PAGES BUT WHEN ANY PAGE THAT STARTS WITH HTTPS:\\ IS NOT ALLOWED TO BROWSE.
I HAVE CHECKED MY SQUID.CONF FILE BUT AM UNABLE TO FIND THE PROBLEM.
I HAVE DISABLED SELINUX AND THERE ARE NO RULES IN IPTABLES ALSO.

KINDLY HELP

PASTING MY SQUID.CONF FILE

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl all src all
#acl manager proto cache_object
#acl localhost 127.0.0.1/32
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl localnet src 191.254.178.0/24 191.254.28.0/24 10.0.43.0/24 10.0.42.0/24
http_access allow localnet
icp_access allow all

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
#http_access allow localhost manager
http_access allow localnet manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
http_port 8899

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

cache_peer 191.254.178.76 parent 3128 0 no-query no-digest
#icp_access allow all

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

Last edited by vineetcornelius; 03-11-2015 at 02:31 AM.
 
Old 03-11-2015, 02:34 AM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

I am not an expert on squid but this is the line which is different from what I see for default squid configuration:

Code:
#http_access allow localhost
You can try uncommenting this line and restarting the squid proxy. Another thing to note is that if you do not mention https in your squid configuration file, it will automatically bypass it. Unless you want to capture https traffic you can just comment out the https stuff.
 
Old 03-11-2015, 03:19 AM   #3
vineetcornelius
LQ Newbie
 
Registered: May 2012
Posts: 24

Original Poster
I uncommented the above line as you said, but the problem is still the same: I am not able to browse the https pages.
 
Old 03-11-2015, 03:22 AM   #4
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Try changing this line:
Quote:
acl SSL_ports port 443
to
Code:
acl Safe_ports port 443
and comment out this line:
Code:
http_access deny CONNECT !SSL_ports
and don't forget to restart squid for configuration change to take effect.

Last edited by veerain; 03-11-2015 at 03:24 AM.
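
Squid applies the first http_access line whose ACLs all match, so the order of the rules posted in #1 decides which of them can ever affect a localnet client. The sketch below is an added example, not code from any post in this thread: it models only src, port and method ACLs, condenses the Safe_ports lines into one, omits the manager lines, and uses constructed client addresses; parse, acl_matches and decide are hypothetical helper names.

```python
import ipaddress

# http_access-relevant lines from the squid.conf in post #1, in file order.
# Constructed excerpt: the ten Safe_ports lines are condensed into one.
CONF = """\
acl localnet src 191.254.178.0/24 191.254.28.0/24 10.0.43.0/24 10.0.42.0/24
http_access allow localnet
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    """Model only the three ACL types used here: src, port, method."""
    if name == "all":
        return True
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        ranges = [v.partition("-") for v in vals]
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    return kind == "method" and req["method"] in vals

def decide(conf, req):
    """Return the first http_access line whose ACLs all match (first match wins)."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return "http_access %s %s" % (action, " ".join(names))
    return None  # not reached here: the rule list ends with "deny all"

if __name__ == "__main__":
    # Constructed sample requests: two from a localnet client, one from outside it.
    for src, port in [("10.0.43.15", 443), ("10.0.43.15", 25), ("192.0.2.7", 8443)]:
        print(src, "CONNECT", port, "->", decide(CONF, {"src": src, "method": "CONNECT", "port": port}))
```

Both CONNECT requests from the localnet address are decided by "http_access allow localnet", so for those clients the later "deny CONNECT !SSL_ports" line is never evaluated and does not limit which ports they can tunnel to.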
 
Old 03-11-2015, 03:33 AM   #5
vineetcornelius
LQ Newbie
 
Registered: May 2012
Posts: 24

Original Poster
Tried, but still the same problem; the browser displays the page

unable to connect
firefox can't establish a connection to the server at infinity.icicibank.com
 
Old 03-11-2015, 03:52 AM   #6
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Comment out https related stuff from proxy configuration, restart proxy and then try. If it works then yes it is something missing in the proxy file which you need to allow https traffic via proxy. If it doesn't work then you know it is not proxy.
 
Old 03-11-2015, 03:56 AM   #7
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Have you checked the squid error log files?
 
Old 03-11-2015, 05:40 AM   #8
vineetcornelius
LQ Newbie
 
Registered: May 2012
Posts: 24

Original Poster
Help is required thank you
 
Old 03-11-2015, 02:18 PM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,916

Quote:
Originally Posted by vineetcornelius
SIR
I HAVE RECENTLY INSTALLED CENTOS7 AND CONFIGURED SQUID ON IT . I AM FACING A TYPICAL PROBLEM I AM ABLE TO BROWSE THE NORMAL PAGES BUT WHEN ANY PAGE THAT STARTS WITH HTTPS:\\ IS NOT ALLOWED TO BROWSE. I HAVE CHECKED MY SQUID.CONF FILE BUT AM UNABLE TO FIND THE PROBLEM. I HAVE DISABLED SELINUX AND THERE ARE NO RULES IN IPTABLES ALSO.
Since you've been using squid for three years now, you should be very familiar with the documentation. Have you checked it?
http://www.eu.squid-cache.org/Doc/config/https_port/
http://wiki.squid-cache.org/Features/HTTPS

...and there are over 1,500 hits on LQ for questions similar to this,
http://www.linuxquestions.org/questi...-https-741904/

...as well as many results through Google. Did you try anything???
http://tektab.com/2012/09/28/squid-t...s-ssl-traffic/
 
  

