[squid-users] deny_info
Amos Jeffries
squid3 at treenet.co.nz
Thu Nov 16 07:40:28 UTC 2017
On 14/11/17 22:46, Vieri wrote:
> Hi,
>
> I'm trying to figure out how to correctly handle ERROR pages (or deny pages) in one particular case.
>
> An HTTP client is trying to access a website as https://example.org/.
>
> I'm getting the following info in cache.log:
>
> 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(745) clientAccessCheckDone: The request GET https://example.org/ is ALLOWED; last ACL checked: bl_lookup
> 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(721) clientAccessCheck2: No adapted_http_access configuration. default: ALLOW
> 2017/11/14 09:11:11.481 kid1| 85,2| client_side_request.cc(745) clientAccessCheckDone: The request GET https://example.org/ is ALLOWED; last ACL checked: bl_lookup
> 2017/11/14 09:11:11.591 kid1| 88,2| client_side_reply.cc(2073) processReplyAccessResult: The reply for GET https://example.org/ is DENIED, because it matched denied_restricted1_mimetypes_rep
> 2017/11/14 09:11:11.591 kid1| 88,2| client_side_reply.cc(2073) processReplyAccessResult: The reply for GET https://example.org/ is ALLOWED, because it matched denied_restricted1_mimetypes_rep
>
> This is what I have in squid.conf (part of it):
>
...
> acl denied_restricted1_mimetypes_rep rep_mime_type -i "/opt/custom/proxy-settings/denied.restricted1.mimetypes"
...
> http_reply_access allow denied_restricted1_mimetypes_rep allowed_restricted1_domains
> http_reply_access allow denied_restricted1_mimetypes_rep allowed_restricted1_ips
>
...
> http_reply_access deny denied_restricted1_mimetypes_rep
>
...
>
> ----
>
> I understand Squid accepts the REQUEST, but not the REPLY as it matches denied_restricted1_mimetypes_rep. However, I don't understand why the client browser doesn't display the deny_info page at http://proxy-server1/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_mimetypes. Instead, it shows ERR_ACCESS_DENIED.
Because there are actually no custom deny_info attached to that
"denied_restricted1_mimetypes_rep" ACL.
Amos
More information about the squid-users
mailing list