Re: [squid-users] ACL blocks http, but not https

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 27 Oct 2010 20:58:46 +1300

On 27/10/10 19:57, Daniel van Soest wrote:
> Marc Muehlfeld wrote:
>> Hello,
>>
>> I have blocked some URLs through an url_regex acl, which works, if the
>> URL contains any protocol except https.
>>
>> The "blocked_urls.lst" file contains lines like:
>> ([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
>> I've tested the regex using an online regex tester:
>> "http://www.facebook.com" and "https://www.facebook.com" both match.
>> But the https address can be reached, so I think, there must be a
>> problem in my configuration (see below).
>>
>> I use 2.6.STABLE21 on CentOS 5.
>>
>> Regards,
>> Marc
>
> Hi Marc,
>
> access control works in squid with "first match". Your https request
> matches at the following config line first:
>
> > http_access deny CONNECT !SSL_ports
>
> therefore your nice RegEx is never going to see the request.
> Move the RegEx to the top or the connect rule to the bottom of your ACLs.

No. The ! affects this. That line does not match for HTTPS.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Wed Oct 27 2010 - 07:58:54 MDT
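
Added example, not part of the original thread and not Squid's own code: a small Python model of http_access evaluation (every ACL on a line must match, "!" negates one ACL, the first matching line decides) run against the rule and regex quoted above. The ACL definitions, the rule order and the sample requests are assumptions constructed for illustration; the CONNECT request is modelled with its host:port request target.

```python
import re

# Pattern quoted from blocked_urls.lst in the original post. Python's re
# stands in for Squid's regex engine here.
BLOCKED = re.compile(
    r"([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+")

# Assumed ACL definitions (the poster's full squid.conf is not shown).
ACLS = {
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "SSL_ports": lambda r: r["port"] == 443,
    "blocked_urls": lambda r: BLOCKED.search(r["url"]) is not None,
    "all": lambda r: True,
}

# Assumed http_access order, top to bottom.
RULES = [
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["blocked_urls"]),
    ("allow", ["all"]),
]

# Constructed sample requests. For CONNECT the request target is host:port.
HTTP_GET = {"method": "GET", "url": "http://www.facebook.com/", "port": 80}
HTTPS_CONNECT = {"method": "CONNECT", "url": "www.facebook.com:443", "port": 443}
ODD_CONNECT = {"method": "CONNECT", "url": "www.facebook.com:8080", "port": 8080}

def line_matches(acl_names, req):
    """A line matches only if every ACL on it matches; '!' negates one ACL."""
    for name in acl_names:
        negate = name.startswith("!")
        if ACLS[name.lstrip("!")](req) == negate:
            return False
    return True

def http_access(req, rules=RULES):
    """Return (action, index) of the first http_access line that matches."""
    for index, (action, acl_names) in enumerate(rules):
        if line_matches(acl_names, req):
            return action, index
    raise LookupError("no line matched")  # unreachable with a final 'all' line

if __name__ == "__main__":
    for req in (HTTP_GET, HTTPS_CONNECT, ODD_CONNECT):
        print(req["method"], req["url"], "->", http_access(req))
```

In this model the CONNECT to port 443 passes the "CONNECT !SSL_ports" line without matching it, and the quoted regex also fails on the host:port target because none of its alternatives allows ":443" after "facebook.com".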
