On 2/12/19 11:22 PM, leomessi...@yahoo.com wrote: > Actually i don't understand if it could be done or not!!
And I do not know what you mean by "it" here. * Can Squid send a blocking error page to an HTTPS client? Yes. * Will the browser show that error page to the user without any additional warnings or questions if you do not install your CA certificate in the browser? No. * Does installing your CA certificate in the browser guarantee that the browser will display the error page without any additional warnings or questions? No; there are other factors at play here such as certificate pinning. Installing your CA certificate is necessary but may not be sufficient in some cases. > can you show me the correct configuration for blocking HTTPS requests > with showing access denied page to clients?! AFAICT, you already have the correct Squid configuration for blocking HTTPS requests. In fact, your previous email appears to confirm that your clients are getting the blocking response from Squid! AFAICT, your current problem is that you want users to see that blocking response as if it came from the origin server -- without any additional browser questions or warnings. For that, you have to install your CA certificate in client browsers (but, again, that may not be sufficient in some cases). Alex. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
