How to terminate (close) the active CONNECT connection when matching ACL.

I have worked on version 3.5.23 on Debian 9.0. I use user authentication in 
addition to ACLs to filter IP and MAC, and all this works correctly. I have an 
ACL of type proxy_auth (quota_end) that contains a list of users that have 
exceeded a certain quota, which I deny to prevent the user from continuing the 
connection after having consumed their quota, that is to say, when they are 
added to the aforementioned list. This works correctly for HTTP connections but 
not for HTTPS connections; these links remain active until the user performs an 
update to the page (presses F5). New HTTPS links, however, are denied.
My question: Is there a way to terminate (close) the user's active HTTPS 
connection after matching the proxy_auth ACL (quota_end)?

For more information here is my configuration, I manage several subnets, but I 
will only put one as an example:

# - TO AUTHENTICATE
acl authentication proxy_auth REQUIRED

# - (quota_end) Contains the users who consumed the assigned quota; it is used
# - to deny browsing to these users and to display the quota-exceeded page.
acl quota_end proxy_auth "/etc/squid/users/quota_end"

# ---- NETWORKS
acl ip_ucm src "/etc/squid/redes_permitidas/ip_ucm.txt"
acl mac_ucm arp "/etc/squid/allowed_networks/mac_ucm.txt"

# ---- CONNECTION PORTS PERMITTED
acl SSL_ports port 443 # https |
acl SSL_ports port 563 # snews |
acl SSL_ports port 873 # rsync |
acl SSL_ports port 2187 # Iluminate |
acl Safe_ports port 80 # http |
acl Safe_ports port 21 # ftp |
acl Safe_ports port 443 # https |
acl Safe_ports port 70 # gopher |
acl Safe_ports port 210 # wais |
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt |
acl Safe_ports port 488 # gss-http |
acl Safe_ports port 591 # filemaker |
acl Safe_ports port 777 # multilingual http
acl Safe_ports port 631 # cups |
acl Safe_ports port 873 # rsync |
acl Safe_ports port 901 # SWAT |
acl Safe_ports port 8888 # IRC |
acl Safe_ports port 2187 # Iluminate |
acl Safe_ports port 25 # smtp |
acl Safe_ports port 110 # pop3 |

acl CONNECT method CONNECT

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# ----- DENY USERS THAT EXCEEDED THEIR QUOTA
http_access deny quota_end

# - ALLOW USERS
http_access allow ip_ucm mac_ucm authentication !quota_end

# And finally deny all other access to this proxy
http_access deny all


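The behaviour described in the message, as an added example that is not part of the original post and not Squid code: a simplified model in which http_access is evaluated once per request with first match winning, so an already established CONNECT tunnel is never checked again. The user name, host names and the `Proxy` class are constructed for illustration, and the Safe_ports and manager rules are left out.

```python
# Simplified model (an assumption, not Squid source): the http_access list is
# consulted once per HTTP request and the first matching rule decides. A
# CONNECT tunnel is a single request; bytes relayed afterwards are not requests.

SSL_PORTS = {443, 563, 873, 2187}  # SSL_ports from the posted configuration


def http_access(method, port, user, quota_end, net_ok=True):
    """Return 'allow' or 'deny' following the rule order of the posted config."""
    if method == "CONNECT" and port not in SSL_PORTS:
        return "deny"   # http_access deny CONNECT !SSL_ports
    if user in quota_end:
        return "deny"   # http_access deny quota_end
    if net_ok and user is not None:
        return "allow"  # http_access allow ip_ucm mac_ucm authentication !quota_end
    return "deny"       # http_access deny all


class Proxy:
    def __init__(self):
        self.quota_end = set()  # stands in for the reloaded quota_end user file
        self.tunnels = []       # established CONNECT tunnels as (user, host)

    def request(self, method, host, port, user):
        verdict = http_access(method, port, user, self.quota_end)
        if verdict == "allow" and method == "CONNECT":
            self.tunnels.append((user, host))
        return verdict

    def relay(self, user, host):
        """Traffic inside an existing tunnel: no ACL lookup happens here."""
        return (user, host) in self.tunnels


def scenario():
    p = Proxy()
    events = [p.request("CONNECT", "example.org", 443, "alice")]      # before quota ends
    p.quota_end.add("alice")                                          # quota consumed
    events.append(p.request("GET", "example.org", 80, "alice"))       # plain HTTP request
    events.append(p.relay("alice", "example.org"))                    # old HTTPS tunnel
    events.append(p.request("CONNECT", "example.net", 443, "alice"))  # new HTTPS tunnel
    return events


if __name__ == "__main__":
    print(scenario())
```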