Squid proxy not resolving names of whitelisted sites dns name

scarypezsantagmail.com · Sep 8, 2017, 7:00 PM

I have blocked all but a couple domains, google.com and microsoft.com, using squid and squidguard. Sites on other domains are blocked as expected. Sites on those domains that are not blocked give this strange message:

The following error was encountered while trying to retrieve the URL: https://http/*
Unable to determine IP address from host name http
The DNS server returned:
Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is admin@localhost.

I tried enabling "Resolve DNS IPv4 First" and I tried entering a DNS server for "Use Alternate DNS Servers for the Proxy Server" but neither helped. The error seems like it is trying resolve the url "https://http/*" but maybe that is just a mistake in the error message?

Not sure what else to try at this point.

chidgear · Sep 14, 2017, 12:20 AM

I had that error when using transparent mode and ssl bumping. I got rid of it by using explicit proxy with WPAD

doktornotor · Sep 14, 2017, 8:32 AM

Read this:

https://wiki.squid-cache.org/Features/CustomErrors?highlight=%2528faqlisted.yes%2529#Custom_error_pages_not_displayed_for_HTTPS
https://redmine.pfsense.org/issues/6777#note-2

Not a Squid issue. This is how browsers are implemented.