[squid-users] Squid custom error page

Walter H. Walter.H at mathemainzel.info
Wed May 17 14:42:13 UTC 2017

On 17.05.2017 16:04, Amos Jeffries wrote:
> On 17/05/17 23:32, chcs wrote:
>> Expected Results:
>> Display proxy server error page with deny info.
> This is a well-known problem with Browsers, they all refuse to display 
> any response to a CONNECT tunnel message.
> <http://wiki.squid-cache.org/Features/CustomErrors#Custom_error_pages_not_displayed_for_HTTPS> 
> Use of TLS to secure the connection to the proxy does not affect this 
> browser behaviour on HTTPS traffic. The best you can hope for is to 
> make Squid use a 511 status code with deny_info and hope that it 
> chooses to display something halfway useful.
there seems to be another problem ...

at my setup any browser shows the proxy messages;

with deny_info the special page
without just the ERR_ACCESS_DENIED as default ...

my squid 3.5,25 (CentOS 6.9) - thanks to
Eliezer Croitoru for doing this good job;

the custom error pages are only shown, when the proxy does
SSL interception and the browser has installed the squid CA certificate ...

why is this:

without SSL interception, the browser sends a CONNECT
and expects a SSL/TLS handshake, instead he gets an
HTTP reply with the custom error page, which the browser
doesn't know to handle at this moment ...
only the information of HTTP header is processed;

in case someone has configured https_port this is just the same,
because the SSL/TLS connection to the webserver is tunneled inside
the SSL/TLS connection between client and browser ...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170517/4c0dc3c3/attachment.bin>

More information about the squid-users mailing list