[squid-users] "ACCESS DENIED" page by ssl_bump terminate
Yuri Voinov
yvoinov at gmail.com
Fri Mar 25 14:14:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
# TAG: deny_info
# Usage: deny_info err_page_name acl
# or deny_info http://... acl
# or deny_info TCP_RESET acl
#
# This can be used to return a ERR_ page for requests which
# do not pass the 'http_access' rules. Squid remembers the last
# acl it evaluated in http_access, and if a 'deny_info' line exists
# for that ACL Squid returns a corresponding error page.
#
# The acl is typically the last acl on the http_access deny line which
# denied access. The exceptions to this rule are:
# - When Squid needs to request authentication credentials. It's then
# the first authentication related acl encountered
# - When none of the http_access lines matches. It's then the last
# acl processed on the last http_access line.
# - When the decision to deny access was made by an adaptation service,
# the acl name is the corresponding eCAP or ICAP service_name.
#
# NP: If providing your own custom error pages with error_directory
# you may also specify them by your custom file name:
# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys
#
# By defaut Squid will send "403 Forbidden". A different 4xx or 5xx
# may be specified by prefixing the file name with the code and a colon.
# e.g. 404:ERR_CUSTOM_ACCESS_DENIED
#
# Alternatively you can tell Squid to reset the TCP connection
# by specifying TCP_RESET.
#
# Or you can specify an error URL or URL pattern. The browsers will
# get redirected to the specified URL after formatting tags have
# been replaced. Redirect will be done with 302 or 307 according to
# HTTP/1.1 specs. A different 3xx code may be specified by prefixing
# the URL. e.g. 303:http://example.com/
#
# URL FORMAT TAGS:
# %a - username (if available. Password NOT included)
# %B - FTP path URL
# %e - Error number
# %E - Error description
# %h - Squid hostname
# %H - Request domain name
# %i - Client IP Address
# %M - Request Method
# %o - Message result from external ACL helper
# %p - Request Port number
# %P - Request Protocol name
# %R - Request URL path
# %T - Timestamp in RFC 1123 format
# %U - Full canonical URL from client
# (HTTPS URLs terminate with *)
# %u - Full canonical URL from client
# %w - Admin email from squid.conf
# %x - Error name
# %% - Literal percent (%) code
#
#Default:
# none
?
25.03.16 16:15, Alexandr Yatskin пишет:
> Hello everyone!
> How redirect users to "Access Denied" page when they go to blocked
https sites?
> Now users only can see such error: "ERR_CONNECTION_CLOSED".
>
> There are several lines from our config:
> ------------------------------------------
> acl blocked_https ssl::server_name "/etc/squid/blocked_https.txt"
> ssl_bump terminate blocked_https
> ------------------------------------------
> Thanks in advance.
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJW9UfKAAoJENNXIZxhPexG2KMH/1ACiOlqrvMRngV3K5xTKTQ+
ryx1oFWqH7sbn9vsAALZ8QBeVzucrH0XjDGRqbH7ehUd4a9XS0s03KsyGcDj5YAE
1uq5SYB+oSHpOYTEPN2uMUUTiMy1m3ZUq/Z9AONHEVu3avmRwliGpb7xMGMB7ORn
Oy/du+I8YsB9r7O2zIDTStmdafdpu/7Xf0NqWB1awxUyU3v9Q2gTckOiQcWKnCFG
3xY0sh9xAxayh0x1O7IuIbyhHRnFIhVbVI1fD3RDd5TqhkP61vtQyDsXMtC8Rxa1
HJSjttjN2Y3kgVGK57rJOaT1spR2B6Rfy98ZhXK/TI81cXmtgnM0987EB4p8OGw=
=kPrb
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160325/665f1b2c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160325/665f1b2c/attachment.key>
More information about the squid-users
mailing list