[squid-users] Squid custom error page

Dijxie dijxie at gmail.com
Wed May 17 14:25:03 UTC 2017

W dniu 17.05.2017 o 13:32, chcs pisze:
> Firefox 53.0.2 , Chrome 58.3029 y Opera 44 display "Proxy Server Refused
> Connection" page, instead of Squid custom error page, when connect to HTTPS
> site which blocked by proxy server.
> For example we try to connect to https://www.something.com via Squid proxy
> server which denied with 403 error this connect and send custom error page
> with description of problem in older versions it's worked.
> I'm using pfSense 2.4 (actual version squid 3.5.24).
> Reproducible: Always
> Steps to Reproduce:
> 1. Configure Firefox to use proxy server (SSL Proxy).
> 2. HTTPS/SSL Interception , Enable SSL filtering, splice all, CA: Let's
> Encript autority
> 3. Try to connect to HTTPS site, which will be blocked by proxy server
> Actual Results:
> Firefox will display "Page Load Error" with description "Proxy Server
> Refused Connection. Firefox is configured to use a proxy server that is
> refusing connections."
> If we connect to HTTPS site which not blocked by proxy server OR using CA
> self-signed issuer , all works fine.
> Expected Results:
> Display proxy server error page with deny info.
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-custom-error-page-tp4682433.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

This is intentional Firefox behavior since long time ago:

Even if this bug is outdated,  it is browser thing how to render error 
pages, not squid's fault.
You may try to redirect (instead of blocking) your blocked page to your 
custom page that looks exactly  like sqid's internal error page, but 
then You will see browser's SSL security warning, since page you have 
requested was SSL, and your error page is not - the same goes for 
internal error pages.
Proxies error pages are nowadays usually replaced by browsers due to 
security reasons in case of SSL pages.

If your custom-pretending-to-be-squid's-internal page would be SSL with 
valid cert, my guess is your problem is solved.

Greets, Dijx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170517/6ed82198/attachment.html>

More information about the squid-users mailing list