[squid-users] "ACCESS DENIED" page by ssl_bump terminate
Alex Rousskov
rousskov at measurement-factory.com
Mon Mar 28 14:59:13 UTC 2016
On 03/27/2016 11:59 PM, Alexandr Yatskin wrote:
> Directive "deny_info" didn't work when we blocked https site with option
> "ssl_bump".
"deny_info" is not compatible with the ssl_bump "terminate" action. The
"terminate" action means "Close client and server connections". It is
impossible to serve an [error] response on a closed connection.
IIRC, blocking the CONNECT request (fake or real) with http_access is
enough to force Squid to respond with an "access denied" error -- Squid
should automatically bump the client connection (if that is still
possible when the CONNECT request is blocked) to serve an error response.
HTH,
Alex.
More information about the squid-users
mailing list