[squid-users] Error accessing the 403 page

Amos Jeffries squid3 at treenet.co.nz
Fri Jan 1 22:22:37 UTC 2016


On 2016-01-01 23:28, Alex Samad wrote:
> Hi
> 
> I installed 3.5.12 and when I try and get to a page that is blocked. I
> used to get an message page that said contact the admin person.
> 
> trying to get to
> http://bcp.crwdcntrl.net/squid-internal-static/icons/SN.png
> 
> 
> This is part of the error generated
> The following error was encountered while trying to retrieve the URL:
> http://alcdmz1:3128/squid-internal-static/icons/SN.png
> 
> alcdmz1 is the proxy server
> 
> I seemed to have blocked access to all error messages. not sure how as
> I haven't made any changes except upgrading to .12 from .11

We fixed the Host header output on CONNECT requests to cache_peer 
between those versions. That is likely the reason it has started being 
visible.

The above URL is just an icon being served up by your Squid as part of 
the page display. The main error page text should have been sent as the 
body of the original 403 message itself.

Your http_access rules are the things rejecting it. Note that it 
contains the squid listening domain:port (alcdmz1:3128 or 
bcp.crwdcntrl.net:80) which your proxy machine is configured to announce 
publicly as its contain domain / FQDN.

The squid service needs to be publicly accessible at that domain:port 
that it is advertising as its public FQDN for this icon request to 
succeed. That means making the server hostname, or visible_hostname 
something that clients can access directly - and unique_hostname the 
private internal name the Squid instance uses to distinguish itself from 
other peers on the proxy farm.

Amos



More information about the squid-users mailing list