It seems the version of squid in ports for 5.2 doesn't support SSL or doesn't support it the same way. What changed?
The errors:

2013/03/16 00:33:30| The request CONNECT bitomat.pl:443 is DENIED, because it matched 'Safe_ports'
2013/03/16 00:33:30| The reply for CONNECT bitomat.pl:443 is ALLOWED, because it matched 'Safe_ports'

It only started doing this after I upgraded from 5.1 to 5.2 and rebuilt squid in ports.

On Sat, Mar 16, 2013 at 9:26 AM, Stuart Henderson <[email protected]> wrote:

> On 2013-03-15, John Tate <[email protected]> wrote:
> > I have a server I use to serve a squid proxy only accessible via ssh
> > tunnel, which has worked fine for over a year. I upgraded from OpenBSD 5.1
> > to OpenBSD 5.2 and I've also rebuilt squid in ports. It has stopped working
> > for ssh tunnel connections. It works for the elinks browser, but both
> > should be from localhost and be no different as far as I know.
> >
> > I get these errors in the log:
> > [15/Mar/2013:04:01:40 -0700] elijah.secusrvr.com mail.google.com"CONNECT mail.google.com:443 HTTP/1.1" 403 1323 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22" TCP_DENIED:NONE
> >
>
> iirc TCP_DENIED/403 is due to acl, try following this about getting
> some more logging:
>
> http://wiki.squid-cache.org/SquidFaq/SquidAcl#I_set_up_my_access_controls.2C_but_they_don.27t_work.21__why.3F
>
> "localhost" can be all sorts of things: 127.0.0.1, ::1, or even some
> other address, depending on what's set in /etc/resolv.conf and /etc/hosts.
>

--
www.johntate.org

