[squid-users] ACL in custom error page
Alex Rousskov
rousskov at measurement-factory.com
Wed Mar 14 02:33:02 UTC 2018
On 03/13/2018 06:08 PM, Amos Jeffries wrote:
> On 14/03/18 05:46, Eduardo Carneiro wrote:
>> Hello everyone!
>>
>> Is there any way to display, in my custom error pages, the acl that denied
>> access?
>
> Two things:
>
> 1) There is no single ACL that denied Access. There is always an entire
> sequence of checks.
>
> 2) The error page template code has not yet been updated to support
> generic logformat codes which do have a code for the last ACL that was
> tested (note that this may have been the one which _allowed logging_).
And two more:
3) We are working to support major logformat %codes in error pages. The
patches are going through internal review cycles right now.
4) In modern Squids, the best way to log access denial (and similar)
decisions is often via ACL-triggered annotations (rather than the old
"the last ACL touched by somebody" hack). See annotate_transaction in
squid.conf.documented. The corresponding %note logformat code should be
available in error page templates as the result of (3).
Cheers,
Alex.
More information about the squid-users
mailing list