Hello,
I am using squid3 (3.4.8) to block several websites for several times - so far so good.
Unfortunately I am not able to block any https website.

-----
http_port 3128

acl localnet src 192.168.21.0/24 # RFC 1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443 # https
acl SSL_ports port 49300 # FRITZ-BOX
acl SSL_ports port 2818 # Apple siri
acl SSL_ports port 32400 # https Datengrab

acl Safe_ports port 81 # Webpage Webcams REOLINK

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
#http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Wann ist Internet NICHT erlaubt ...
acl internet_deny01 time MTWHFAS 00:00-08:30
acl internet_deny02 time MTWHFAS 22:00-23:59
acl internet_deny03 time MTWHFAS 00:00-23:59
# ... gilt NUR für BLOCKSITES !
acl blocksites dstdomain "/etc/squid3/blocksites.conf"

# Welche Clients sind betroffen
acl iPhone src 192.168.21.52

# iPhone
#http_access deny internet_deny01 blocksites iPhone
#http_access deny internet_deny02 blocksites iPhone
http_access deny internet_deny03 blocksites iPhone
deny_info ERR_CUSTOM_DENIED iPhone

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
-----


Have tried:
http_reply_access deny internet_deny03 blocksites iPhone
http_access deny CONNECT internet_deny03 blocksites iPhone

But this does not work.

Any hint is welcome.

This page has 325 views and no replies which tells you:
"If I was you, I wouldn't start from here at all!"

Why not use a firewall like iptables top do a firewall's job?
I thought squid was for maximising throughput, not minimising it.

Thanks for your answer.

I agree that I can do this with iptables, but my intention was to block i.e. http://www.domain.de and https://www.domain.de in "one shot" with squid. It seems, that is not so simple.

Additionally, I am using squid not for caching, only for reporting (together with sarg and lightsquid) which client is accessing which website (including volume).